clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-29 13:56:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
83,056 Commits 494 Branches 1,367 Tags 788 MiB
cef40c0c3f
Commit Graph

1465 Commits

Author SHA1 Message Date
Nikita Popov
cc3cdd0057 Fixed bug #67582 2016-03-20 17:46:12 +01:00
Xinchen Hui
ead7632cf9 Fixed test script 2016-03-17 15:23:44 +08:00
Lior Kaplan
49493a2dcf Happy new year (Update copyright to 2016) 2016-01-01 19:21:47 +02:00
Xinchen Hui
620ccc9b1a Fixed bug #71204 (segfault if clean spl_autoload_funcs while autoloading) 2015-12-23 08:10:59 -08:00
Reeze Xia
1c0622a472 Make test for bug #70852 to cover all cases 2015-11-05 14:09:24 +08:00
Reeze Xia
51218b3b9d Fixed bug #70852 Segfault getting NULL offset of an ArrayObject. 2015-11-05 13:46:03 +08:00
Stanislav Malyshev
0b35e0c5a1 Merge branch 'pull-request/1535' into PHP-5.6 
* pull-request/1535:
  Bug #70561: Fix DirectoryIterator to throw OutOfBoundsException
 2015-10-18 17:17:55 -07:00
Xinchen Hui
925412ee1c Do not edit the zval cause it might be in shared memory 2015-10-03 19:50:38 -07:00
Bishop Bettini
368d3ff0d9 Bug #70561: Fix DirectoryIterator to throw OutOfBoundsException 
-------------------------------------------------------------------------------
DirectoryIterator implements SeekableIterator, which "should throw an
OutOfBoundsException if the position is not seekable". As is, seek just returns
and one must call valid(). This approach is different than most (all?) other
SeekableIterator implementations and leads to developer confusion. See the
bug report for a specific example.
 2015-09-23 11:14:52 -04:00
Stanislav Malyshev
c19d59c550 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  update NEWS
  add NEWS for fixes
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/zip/php_zip.c
 2015-09-01 12:06:41 -07:00
Stanislav Malyshev
33d3acaae7 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	configure.in
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_version.h
 2015-09-01 11:42:19 -07:00
Stanislav Malyshev
c8f07ad477 add test 2015-09-01 00:26:12 -07:00
Stanislav Malyshev
259057b2a4 Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList 2015-09-01 00:20:45 -07:00
Stanislav Malyshev
f06a069c46 Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage 2015-09-01 00:14:15 -07:00
Anatol Belski
aa23bc6d1d fix dir separator 2015-08-21 14:08:33 +02:00
Anatol Belski
9e69ef4ce2 fix dir separator in test 2015-08-21 14:05:58 +02:00
Christoph M. Becker
484b92919b Fix #70303: Incorrect constructor reflection for ArrayObject 
The first parameter of ArrayObject::__construct() is optional. Reflection
should reflect this.
 2015-08-19 16:23:16 +02:00
Xinchen Hui
b584b51398 Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start) 2015-08-19 18:41:28 +08:00
Stanislav Malyshev
ed709d5aa0 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	ext/soap/php_http.c
	ext/spl/spl_observer.c
 2015-08-04 15:29:13 -07:00
Stanislav Malyshev
69ed3969dd Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	.gitignore
	ext/date/php_date.c
	ext/spl/spl_array.c
	ext/spl/spl_observer.c
 2015-08-04 14:10:57 -07:00
Stanislav Malyshev
863bf294fe Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList) 2015-08-01 22:01:51 -07:00
Stanislav Malyshev
7381b6accc Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject 2015-08-01 22:01:40 -07:00
Stanislav Malyshev
c7d3c027d5 ignore signatures for packages too 2015-08-01 22:01:32 -07:00
Stanislav Malyshev
c2e197e4ef Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage 2015-08-01 22:01:17 -07:00
Stanislav Malyshev
b7fa67742c Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items) 2015-07-26 17:25:25 -07:00
Xinchen Hui
e41f600365 Fixed bug #69970 (Use-after-free vulnerability in spl_recursive_it_move_forward_ex()) 2015-07-07 21:25:28 +08:00
Anatol Belski
18b3508c3c Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  fixed test related to fix for bug #67805
 2015-06-08 13:28:23 +02:00
Anatol Belski
17f2d1e8a7 fixed test related to fix for bug #67805 2015-06-08 13:27:22 +02:00
Anatol Belski
3c02e6f457 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  updated NEWS
  Fix bug #67805 - SplFileObject setMaxLineLength.
 2015-06-08 12:11:58 +02:00
Willian Gustavo Veiga
b470d9a0d6 Fix bug #67805 - SplFileObject setMaxLineLength. 2015-06-08 12:08:05 +02:00
Stanislav Malyshev
e96c64ed5e Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fix bug #69737 - Segfault when SplMinHeap::compare produces fatal error
 2015-06-01 22:53:56 -07:00
Stanislav Malyshev
1cbd25ca15 Fix bug #69737 - Segfault when SplMinHeap::compare produces fatal error 2015-06-01 22:07:16 -07:00
Xinchen Hui
96bb3b838c Merge branch 'PHP-5.5' into PHP-5.6 2015-03-14 11:31:53 +08:00
Xinchen Hui
5b87d52041 Fixed typo 2015-03-14 11:31:12 +08:00
Xinchen Hui
396bc00caa Merge branch 'PHP-5.5' into PHP-5.6 2015-03-14 00:53:32 +08:00
Xinchen Hui
ed59370f0a Little improvement, update NEWs, added test 2015-03-14 00:52:53 +08:00
Vektah
482500b455 Fix a leak 2015-03-13 15:54:30 +11:00
Vektah
950d3d6e9b Fix bug #69227 and #65967 
This patch fixes a use (in zend_gc.c) after free (in spl_observer.c).
See https://bugs.php.net/bug.php?id=69227
 2015-03-13 15:02:05 +11:00
Stanislav Malyshev
dcc031470a Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Regression tests for SplFileInfo class setters
 2015-03-08 17:13:25 -07:00
Stanislav Malyshev
a2a20d29a8 Merge branch 'pull-request/1134' into PHP-5.5 
* pull-request/1134:
  Regression tests for SplFileInfo class setters
 2015-03-08 17:13:02 -07:00
Jeremy Mikola
dea7bc8786 Regression tests for SplFileInfo class setters 
Adds tests for SplFileInfo class setters accepting either the base and child classes, and throwing an exception for unexpected classes.

Related: http://svn.php.net/viewvc?view=revision&revision=336017 and https://github.com/facebook/hhvm/pull/4917
 2015-03-02 14:45:26 -05:00
Reeze Xia
1b240ff9e3 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fixed bug #69141 Missing arguments in reflection info for some builtin functions
 2015-02-28 16:40:06 +08:00
Reeze Xia
f824f91ac9 Fixed bug #69141 Missing arguments in reflection info for some builtin functions 
This include:

- setcookie (missing "httponly")
- setrawcookie (missing "httponly")
- spl_autoload_register (missing 2 optional params)
- mktime  (missing "is_dst")
- gmmktime (missing "is_dst")
 2015-02-28 16:37:14 +08:00
Xinchen Hui
9641bac0f5 Merge branch 'PHP-5.5' into PHP-5.6 2015-02-25 18:22:18 +08:00
Xinchen Hui
ffdc5728c8 Fixed bug #69108 ("Segmentation fault" when (de)serializing SplObjectStorage) 2015-02-25 18:21:59 +08:00
Julien Pauli
ee2f749a22 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fixed test fails for bug68557
 2015-02-23 10:35:35 +01:00
Xinchen Hui
d5a1a3342b Fixed test fails for bug68557 2015-02-23 10:35:16 +01:00
Anatol Belski
b21d0848c9 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  split test for bug #68557 for windows
 2015-02-20 16:02:07 +01:00
Anatol Belski
3082177bee split test for bug #68557 for windows 2015-02-20 16:01:34 +01:00
Julien Pauli
13c3b78f1e Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  fix #68557
 2015-02-20 15:38:48 +01:00