Fabien Villepinte
2cc1cbf2f4
Fix Bug #75001 : Wrong reflection on mb_eregi_replace
2017-08-02 18:08:42 +02:00
Nikita Popov
e3d25e78eb
Fixed bug #62934
2017-07-28 13:02:25 +02:00
Christoph M. Becker
418da85f15
Fix #71606 : Segmentation fault mb_strcut with HTML-ENTITIES
...
The HTML decoding filter uses the `opaque` member of mbfl_convert_filter
as buffer, but there was no copy constructor defined, what caused double
frees when the filter is copied (what happens multiple times in mb_strcut(),
for instance).
2017-07-23 12:19:27 +02:00
Remi Collet
1c845d2950
Patch from the upstream git
...
https://github.com/kkos/oniguruma/issues/60 (CVE-2017-9228)
Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
2017-05-30 15:40:32 +02:00
Remi Collet
5416deec66
Patch from the upstream git
...
https://github.com/kkos/oniguruma/issues/59 (CVE-2017-9229)
b690371bbf97794b4a1d3f295d4fb9a8b05d402d Modified for onig 5.9.6
Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
2017-05-30 15:39:21 +02:00
Remi Collet
6a8ae7cf8d
Patch from the upstream git
...
https://github.com/kkos/oniguruma/issues/58 (CVE-2017-9227)
Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
2017-05-30 15:38:17 +02:00
Remi Collet
60b1829e1c
Patch from the upstream git
...
https://github.com/kkos/oniguruma/issues/57 (CVE-2017-9224)
Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
2017-05-30 15:37:11 +02:00
Remi Collet
1e0c4386ab
Patch from the upstream git
...
https://github.com/kkos/oniguruma/issues/55 (CVE-2017-9226)
b4bf968ad52afe14e60a2dc8a95d3555c543353a Modified for onig 5.9.6
f015fbdd95f76438cd86366467bb2b39870dd7c6 Modified for onig 5.9.6
Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
2017-05-30 15:35:42 +02:00
Sammy Kaye Powers
478f119ab9
Update copyright headers to 2017
2017-01-04 11:14:55 -06:00
Anatol Belski
58a945cf68
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
fix C89 compat
2016-12-17 20:45:22 +01:00
Anatol Belski
79e47aae41
fix C89 compat
2016-12-17 20:43:32 +01:00
Stanislav Malyshev
bc85678df3
Add more mbfl string size checks (bug #73505 )
2016-11-26 14:49:48 -08:00
Stanislav Malyshev
58cdd03d92
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Add more mbfl string size checks (bug #73505 )
2016-11-26 14:48:40 -08:00
Stanislav Malyshev
5ee02b207d
Add more mbfl string size checks (bug #73505 )
2016-11-26 14:47:58 -08:00
Anatol Belski
5e9b4c26a5
remove TSRMLS_*
2016-11-21 23:53:37 +01:00
Dmitry Stogov
a67637039f
Prevent modification of immutable arrays (ext/mbstring/tests/bug26639.phpt failure with opcache.protect_memory=1)
2016-11-17 13:33:05 +03:00
Stanislav Malyshev
e1709b7e58
Fix bug #73082
2016-09-25 16:07:14 -07:00
Yasuo Ohgaki
8c700076d7
Fix bug26639.phpt
2016-09-08 14:07:57 +09:00
Yasuo Ohgaki
379d9a1cfc
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fix Bug #72992 mbstring.internal_encoding doesn't inherit default_charset
2016-09-08 13:32:31 +09:00
Yasuo Ohgaki
8bbd0952e5
Fix Bug #72992 mbstring.internal_encoding doesn't inherit default_charset
2016-09-08 13:17:10 +09:00
Yasuo Ohgaki
6f1a52bfbb
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fixed Bug #66964 mb_convert_variables() cannot detect recursion
2016-09-06 16:41:52 +09:00
Yasuo Ohgaki
a25f6f89cd
Fixed Bug #66964 mb_convert_variables() cannot detect recursion
2016-09-06 16:05:34 +09:00
Stanislav Malyshev
c3dfe57c23
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Sync fix for bug #72910 with current upstream
2016-09-04 19:15:30 -07:00
Stanislav Malyshev
d1fbc98ff6
Sync fix for bug #72910 with current upstream
2016-09-04 19:13:48 -07:00
Christoph M. Becker
7f97d63130
Merge branch 'PHP-5.6' into PHP-7.0
2016-09-04 16:39:45 +02:00
Christoph M. Becker
b7259b71b4
Fix #72994 : mbc_to_code() out of bounds read
...
We're backporting commit 999a3553
to the still supported PHP 5.6.
2016-09-04 16:37:06 +02:00
Stanislav Malyshev
ccc8d92d3d
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fix bug #72910
5.6.27 will be next
2016-09-01 23:28:44 -07:00
Stanislav Malyshev
e576714f6b
Fix bug #72910
...
Merge upstream patch from 65bdf2a0d1
2016-09-01 23:27:06 -07:00
Christoph M. Becker
972302d2f0
Merge branch 'PHP-5.6' into PHP-7.0
2016-08-30 15:01:12 +02:00
Christoph M. Becker
2f10db36af
Fix #66797 : mb_substr only takes 32-bit signed integer
...
`from` and `len` are `long`, but get passed to mbfl_substr() which expects
`int`s. Therefore we clamp the values to avoid the undefined conversion
behavior.
2016-08-30 14:52:47 +02:00
Christoph M. Becker
e5940aa795
Merge branch 'PHP-5.6' into PHP-7.0
2016-07-30 12:01:29 +02:00
ju1ius
1d32b80903
fixes bad address given to onig_error_code_to_str
...
Closes bug #72710
(cherry picked from commit 0fb7eb6723
)
2016-07-30 11:46:34 +02:00
Christoph M. Becker
805dc0ea47
Merge branch 'PHP-5.6' into PHP-7.0
...
# Resolved conflicts:
# ext/mbstring/php_mbregex.c
2016-07-28 15:26:29 +02:00
Christoph M. Becker
ee6900c3de
Fix #72694 : mb_ereg_search_setpos does not accept a string's last position
...
Setting the search position immediately behind the last character should be
allowed, so we fix this off-by-one error.
2016-07-28 15:21:48 +02:00
Christoph M. Becker
a621023168
Merge branch 'PHP-5.6' into PHP-7.0
2016-07-28 14:03:40 +02:00
Christoph M. Becker
56cdaecb28
Fix #72693 : mb_ereg_search increments search position when a match zero-width
...
That's caused by an off-by-one error, which we fix.
2016-07-28 13:57:38 +02:00
Christoph M. Becker
18a37eeeec
Merge branch 'PHP-5.6' into PHP-7.0
...
# Resolved conflicts:
# ext/mbstring/php_mbregex.c
2016-07-28 13:12:40 +02:00
Christoph M. Becker
d276e6a838
Fix #72691 : mb_ereg_search raises a warning if a match zero-width
...
That warning doesn't make sense (PCRE doesn't throw such a warning either),
so we remove it.
2016-07-28 13:07:05 +02:00
Stanislav Malyshev
8705254f2d
Merge branch 'PHP-7.0.8' into PHP-7.0
...
* PHP-7.0.8:
iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455 : Heap Overflow due to integer overflows
Fix bug #72434 : ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407 : NULL Pointer Dereference at _gdScaleVert
Fix bug #72402 : _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275 : don't allow smart_str to overflow int
Fix bug #72340 : Double Free Courruption in wddx_deserialize
Fix bug #72321 - use efree() for emalloc allocation
5.6.23RC1
fix NEWS
set versions
Conflicts:
configure.in
main/php_version.h
2016-06-21 00:25:49 -07:00
Stanislav Malyshev
2a65544f78
Merge branch 'PHP-5.6.23' into PHP-7.0.8
...
* PHP-5.6.23: (24 commits)
iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455 : Heap Overflow due to integer overflows
Fix bug #72434 : ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407 : NULL Pointer Dereference at _gdScaleVert
Fix bug #72402 : _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275 : don't allow smart_str to overflow int
Fix bug #72340 : Double Free Courruption in wddx_deserialize
update NEWS
Fix #66387 : Stack overflow with imagefilltoborder
Fix bug #72321 - use efree() for emalloc allocation
5.6.23RC1
Fix bug #72140 (segfault after calling ERR_free_strings())
...
Conflicts:
configure.in
ext/mbstring/php_mbregex.c
ext/mcrypt/mcrypt.c
ext/spl/spl_array.c
ext/spl/spl_directory.c
ext/standard/php_smart_str.h
ext/standard/string.c
ext/standard/url.c
ext/wddx/wddx.c
ext/zip/php_zip.c
main/php_version.h
2016-06-21 00:24:32 -07:00
Stanislav Malyshev
7dde353ee7
Merge branch 'PHP-5.5' into PHP-5.6.23
...
* PHP-5.5:
Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455 : Heap Overflow due to integer overflows
Fix bug #72434 : ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407 : NULL Pointer Dereference at _gdScaleVert
Fix bug #72402 : _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275 : don't allow smart_str to overflow int
Fix bug #72340 : Double Free Courruption in wddx_deserialize
update NEWS
Fix #66387 : Stack overflow with imagefilltoborder
Skip test which is 64bits only
5.5.37 now
Conflicts:
configure.in
ext/mcrypt/mcrypt.c
ext/spl/spl_directory.c
main/php_version.h
2016-06-21 00:01:48 -07:00
Stanislav Malyshev
5b597a2e5b
Fix bug #72402 : _php_mb_regex_ereg_replace_exec - double free
2016-06-18 21:48:39 -07:00
Xinchen Hui
999a3553d5
Fixed(attempt to) bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access)
...
according to ext/mbstring/oniguruma/enc/utf8.c, max bytes are 6
2016-06-15 14:54:57 +08:00
Xinchen Hui
3d56418722
Fixed bug #72399 (Use-After-Free in MBString (search_re))
2016-06-13 18:20:26 -07:00
Anatol Belski
6ec8b2c57d
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
missing return
2016-06-06 07:33:36 +02:00
Anatol Belski
c05b417718
missing return
2016-06-06 07:28:12 +02:00
Xinchen Hui
395863b1d1
Fixed bug #72164 (Null Pointer Dereference - mb_ereg_replace)
2016-05-05 17:27:34 +08:00
Stanislav Malyshev
67fbb06311
Merge branch 'PHP-5.5' into PHP-7.0.5
...
* PHP-5.5:
Fixed bug #71704 php_snmp_error() Format String Vulnerability
Fixed bug #71906 : AddressSanitizer: negative-size-param (-1) in mbfl_strcut
Fixed bug #71906 : AddressSanitizer: negative-size-param (-1) in mbfl_strcut
Fix bug #71798 - Integer Overflow in php_raw_url_encode
Fix bug #71860 : Require valid paths for phar filenames
Going for 5.5.34
Conflicts:
configure.in
ext/phar/phar_object.c
ext/phar/tests/badparameters.phpt
ext/phar/tests/create_path_error.phpt
ext/phar/tests/pharfileinfo_construct.phpt
ext/snmp/snmp.c
ext/standard/url.c
main/php_version.h
2016-03-28 23:55:05 -07:00
Stanislav Malyshev
62da5cdf3d
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Fixed bug #71906 : AddressSanitizer: negative-size-param (-1) in mbfl_strcut
Fix bug #71798 - Integer Overflow in php_raw_url_encode
Fix bug #71860 : Require valid paths for phar filenames
Going for 5.5.34
Conflicts:
configure.in
ext/phar/tests/create_path_error.phpt
main/php_version.h
2016-03-28 23:21:15 -07:00
Stanislav Malyshev
f8dd10508b
Fixed bug #71906 : AddressSanitizer: negative-size-param (-1) in mbfl_strcut
2016-03-28 23:15:16 -07:00