clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-10-01 14:56:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
71,002 Commits 494 Branches 1,367 Tags 801 MiB
c6a26cb39d
Commit Graph

71002 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Remi Collet
c6a26cb39d add CVE 2015-02-18 06:44:41 +01:00
Stanislav Malyshev
24f8a68d0a 5.4.39 next 2015-02-17 07:34:00 +01:00
Stanislav Malyshev
bdfe457a2c Port for for bug #68552 2015-02-17 06:53:02 +01:00
Stanislav Malyshev
7b18981830 Fix bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone) 
Conflicts:
	ext/date/php_date.c
 2015-02-17 06:43:51 +01:00
Felipe Pena
82d347a477 - BFN 2015-02-17 01:14:05 -02:00
Felipe Pena
8f9ab04d93 - Fixed bug #67827 (broken detection of system crypt sha256/sha512 support) 2015-02-17 00:23:47 -02:00
Felipe Pena
e08bef442c - Fixed bug #67427 (SoapServer cannot handle large messages) patch by: brandt at docoloc dot de 2015-02-16 13:07:26 -02:00
Yasuo Ohgaki
5b6269a253 Update NEWS 2015-02-14 05:34:57 +09:00
Yasuo Ohgaki
a8722f5330 Add NULL byte protection to exec, system and passthru 2015-02-14 05:25:04 +09:00
George Wang
5e3f0f5671 Fixed #68790 (Missing return) 2015-02-07 12:16:54 -05:00
Stanislav Malyshev
f001c63073 Update header handling to RFC 7230 2015-02-05 20:08:12 -08:00
Stanislav Malyshev
7efbd70b03 fix sizeof size 2015-02-01 12:40:38 -08:00
Stanislav Malyshev
94d6cb4a78 fix TSRM 2015-01-31 23:34:14 -08:00
Stanislav Malyshev
b30a6d6018 Use better constant since MAXHOSTNAMELEN may mean shorter name 2015-01-31 21:46:56 -08:00
Stanislav Malyshev
2cdbd3537f use right sizeof for memset 2015-01-31 21:30:58 -08:00
Stanislav Malyshev
0f9c708229 Add mitigation for CVE-2015-0235 (bug #68925) 2015-01-31 19:08:13 -08:00
Ferenc Kovacs
61ad5e24ea fix some factual errors in the process 2015-01-22 21:27:38 +01:00
Stanislav Malyshev
b3b155ffe2 format 2015-01-20 11:57:17 -08:00
Stanislav Malyshev
547f62ed2a add CVE 2015-01-20 11:54:45 -08:00
Stanislav Malyshev
ef4896d956 add protection against nulls 2015-01-20 11:46:10 -08:00
Stanislav Malyshev
8825311ce1 5.4.38 next 2015-01-20 10:38:33 -08:00
Stanislav Malyshev
e63f7b47e1 Merge branch 'bug68710' into PHP-5.4 
* bug68710:
  Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize())
 2015-01-20 01:02:26 -08:00
Stanislav Malyshev
fc6aa939f5 Merge branch 'bug68799' into PHP-5.4 
* bug68799:
  Fix bug #68799: Free called on unitialized pointer
 2015-01-20 01:00:11 -08:00
Daniel Lowrey
0a76610459 Update NEWS 2015-01-14 18:03:27 +01:00
Daniel Lowrey
e2fe8e164f Fixed bug #55618 (use case-insensitive cert name matching) 2015-01-14 18:02:50 +01:00
Stanislav Malyshev
2fc178cf44 Fix bug #68799: Free called on unitialized pointer 2015-01-11 00:51:05 -08:00
Anatol Belski
ebb98e7aeb updated libmagic.patch in 5.4 2015-01-04 17:04:13 +01:00
Anatol Belski
ede59c8feb Fixed bug #68735 fileinfo out-of-bounds memory access 2015-01-04 14:20:21 +01:00
Remi Collet
919abf0cb1 removed dead code 2015-01-04 09:40:19 +01:00
Stanislav Malyshev
b585a3aed7 Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize()) 2015-01-01 16:19:05 -08:00
Stanislav Malyshev
f9ad308669 FIx bug #68618 (out of bounds read crashes php-cgi) 2014-12-30 01:23:05 -08:00
Ferenc Kovacs
cd387b4575 add missing NEWS entry 2014-12-17 02:10:36 +01:00
Stanislav Malyshev
8fe4cc6d28 5.4.37 2014-12-16 11:44:41 -08:00
Stanislav Malyshev
53f129a44d add CVE 2014-12-16 10:16:31 -08:00
Stanislav Malyshev
b75867fff0 add missing test file 2014-12-16 10:15:17 -08:00
Stanislav Malyshev
630f9c33c2 Fix bug #68594 - Use after free vulnerability in unserialize() 2014-12-16 10:15:17 -08:00
Andrea Faulds
034e6decb3 Fix undefined behaviour in strnatcmp 2014-12-13 22:27:10 +00:00
Stanislav Malyshev
97df260b27 update NEWS 2014-12-11 10:41:17 -08:00
Anatol Belski
0323f66fa2 move the test to the right place 2014-12-11 10:39:47 -08:00
Anatol Belski
13f1c276ab Fixed bug #68545 NULL pointer dereference in unserialize.c 2014-12-11 10:39:37 -08:00
Dmitry Stogov
dd791cd717 Fixed possible read after end of buffer and use after free. 2014-12-08 12:18:27 +03:00
Chris Christoff
0e985d3726 Revert unintentional docblock change 
Revert unintentional docblock change

It looks like commit dd8e59da8f
introduced an unintended docbloc change. I have reverted this
change in this commit.
 2014-12-05 13:57:03 -08:00
Ferenc Kovacs
b28c3eb47e make sure that we don't truncate the stack trace and cause false test failures when the test is executed in a directory with long path 2014-12-02 19:17:58 +01:00
Stanislav Malyshev
84be568366 update news 2014-11-30 21:37:39 -08:00
Leigh
301b7f990a Apply error-code-salt fix to Windows too 
Conflicts:
	ext/standard/crypt.c
 2014-11-30 21:07:31 -08:00
Leigh
7e870c596d Bug fixes in light of failing bcrypt tests 
Conflicts:
	ext/standard/crypt.c
 2014-11-30 21:06:39 -08:00
Leigh
2d9d10fbbf Add tests from 1.3. Add missing tests. 
3 of the missing tests fail. // TODO
 2014-11-30 21:05:40 -08:00
Leigh
29f51e1ca9 Upgrade crypt_blowfish to version 1.3 2014-11-30 21:05:32 -08:00
Stanislav Malyshev
7dbc5e5c69 update for LiteSpeed 2014-11-23 18:05:26 -08:00
Stanislav Malyshev
96cde1841a Revert "made lsapi_main.c compatible with PHP7/phpng ." 
This reverts commit 9fb816f45a.
Not a security-related fix.
 2014-11-22 00:38:04 -08:00