clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-22 02:17:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
77,225 Commits 491 Branches 1,363 Tags 837 MiB
f3838a9c35
Commit Graph

317 Commits

Author SHA1 Message Date
Anatol Belski
3803bbde24 fix test 2015-04-14 15:20:44 +02:00
Stanislav Malyshev
0cb9d75cb6 Merge branch 'PHP-5.4.40' into PHP-5.5.24 
* PHP-5.4.40:
  Additional fix for bug #69324
  More fixes for bug #69152
  Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
  Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
  Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
  Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
  Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
  Fixed bug #68901 (use after free)
  Fixed bug #68740 (NULL Pointer Dereference)
  Fix bug #66550 (SQLite prepared statement use-after-free)
  Better fix for #68601 for perf 81e9a993f2
  Fix bug #68601 buffer read overflow in gd_gif_in.c
  Revert "Merge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP-5.4"
  Fixed bug #69293
  Add ZEND_ARG_CALLABLE_INFO to allow internal function to type hint against callable.
 2015-04-11 16:56:12 -07:00
Stanislav Malyshev
4435b9142f Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions) 2015-04-11 16:53:22 -07:00
Stanislav Malyshev
f938112c49 Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault) 2015-04-11 16:53:21 -07:00
Anatol Belski
43652d386a simplify error handling for dirs as magic 2015-01-22 10:16:13 +01:00
Joshua Rogers
91aa340180 Fixed bug #68827 Double free with disabled ZMM 2015-01-22 09:59:13 +01:00
Xinchen Hui
73c1be2653 Bump year 2015-01-15 23:26:03 +08:00
Anatol Belski
4ed261870f updated libmagic.patch in 5.5 2015-01-04 17:05:42 +01:00
Anatol Belski
ebb98e7aeb updated libmagic.patch in 5.4 2015-01-04 17:04:13 +01:00
Anatol Belski
5fe54dbaf9 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fixed bug #68735 fileinfo out-of-bounds memory access
 2015-01-04 14:22:37 +01:00
Anatol Belski
ede59c8feb Fixed bug #68735 fileinfo out-of-bounds memory access 2015-01-04 14:20:21 +01:00
Anatol Belski
b644dcfb72 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  removed dead code
 2015-01-04 09:40:56 +01:00
Remi Collet
919abf0cb1 removed dead code 2015-01-04 09:40:19 +01:00
Anatol Belski
99162b8198 updated libmagic.patch 2014-12-30 20:21:28 +01:00
Anatol Belski
d92a87d7cb Fixed bug #68671 incorrect expression in libmagic 2014-12-30 19:37:27 +01:00
Anatol Belski
270df3ffd6 updated libmagic.patch in 5.5 2014-10-25 12:01:58 +02:00
Remi Collet
5b295bf191 Fix bug #68283: fileinfo: out-of-bounds read in elf note headers 
Upstream commit
39c7ac1106

CVE -2014-3710

(cherry picked from commit 1803228597)
 2014-10-25 11:29:16 +02:00
Remi Collet
1803228597 Fix bug #68283: fileinfo: out-of-bounds read in elf note headers 
Upstream commit
39c7ac1106

CVE -2014-3710
 2014-10-22 15:37:04 +02:00
Ard Biesheuvel
7958793342 Merge branch 'PHP-5.4' into PHP-5.5 2014-09-20 16:40:02 -07:00
Ard Biesheuvel
e64da8c20d Fixed bug #66242 (don't assume char is signed) 
This fixes a bug in libmagic where a cast to 'char' is assumed to result
in sign extension to occur. However, unqualified 'char' is unsigned on
architectures such as ARM, so the cast needs to be to 'signed char'
explicitly.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
 2014-09-20 16:39:48 -07:00
Stanislav Malyshev
3468f03b6f Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix bug #67716 - Segfault in cdf.c
 2014-08-14 17:21:29 -07:00
Remi Collet
35f32637b0 Fix bug #67716 - Segfault in cdf.c 2014-08-14 17:21:20 -07:00
Remi Collet
49387b31cf Fix bug #67716 - Segfault in cdf.c 2014-08-14 17:19:03 -07:00
Andrey Hristov
41e1ccefd5 Merge branch 'PHP-5.4' into PHP-5.5 
Conflicts:
	NEWS
	configure.in
	main/php_version.h
 2014-08-06 15:27:56 +03:00
Stanislav Malyshev
61ec9b5b0f add test 2014-08-04 00:08:08 -07:00
Stanislav Malyshev
eeaec70758 Fix bug #67705 (extensive backtracking in rule regular expression) 2014-08-04 00:05:40 -07:00
Anatol Belski
4965d1c2ce Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  updated libmagic.patch
 2014-07-01 10:27:38 +02:00
Anatol Belski
af5f997a5d updated libmagic.patch 2014-07-01 10:25:20 +02:00
Remi Collet
12a62ce868 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  NEWS
  Fixed Bug #67413 	fileinfo: cdf_read_property_info insufficient boundary chec
 2014-06-10 14:35:23 +02:00
Remi Collet
25b1dc917a Fixed Bug #67413 fileinfo: cdf_read_property_info insufficient boundary chec 
Upstream:
93e063ee37

Adapted for C standard.
 2014-06-10 14:33:37 +02:00
Remi Collet
ff66c90af0 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  NEWS
  Bug #67412 	fileinfo: cdf_count_chain insufficient boundary check
 2014-06-10 14:23:37 +02:00
Remi Collet
40ef6e07e0 Bug #67412 fileinfo: cdf_count_chain insufficient boundary check 
Upstream:
40bade80cb
 2014-06-10 14:22:04 +02:00
Remi Collet
f6fee381be Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  NEWS
  Fixed Bug #67411 	fileinfo: cdf_check_stream_offset insufficient boundary check
 2014-06-10 14:16:07 +02:00
Remi Collet
5c9f967999 Fixed Bug #67411 fileinfo: cdf_check_stream_offset insufficient boundary check 
Upstream:
36fadd2984
 2014-06-10 14:13:14 +02:00
Remi Collet
18ff81eb1a Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  NEWS
  Fixed Bug #67410 fileinfo: mconvert incorrect handling of truncated pascal string size
 2014-06-10 14:04:36 +02:00
Remi Collet
e77659a8c8 Fixed Bug #67410 fileinfo: mconvert incorrect handling of truncated pascal string size 
Upstream
27a14bc7ba
 2014-06-10 14:02:36 +02:00
Remi Collet
2d59b87527 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  NEWS
  Fix bug #67326	fileinfo: cdf_read_short_sector insufficient boundary check
 2014-06-03 11:09:04 +02:00
Remi Collet
4fcb9a9d1b Fix bug #67326 fileinfo: cdf_read_short_sector insufficient boundary check 
Upstream fix 6d209c1c48.patch
Only revelant part applied
 2014-06-03 11:05:00 +02:00
Anatol Belski
546797f329 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  updated libmagic.patch for 5.4+

Conflicts:
	ext/fileinfo/libmagic.patch
 2014-05-27 22:38:02 +02:00
Anatol Belski
d2765e4b8c updated libmagic.patch for 5.4+ 2014-05-27 22:36:12 +02:00
Anatol Belski
d184f07b3c backport this piece from 5.6, related to the #66307 fix 2014-05-26 18:05:13 -07:00
Anatol Belski
15ee33eb21 Fixed bug #66307 Fileinfo crashes with powerpoint files 2014-05-26 18:04:27 -07:00
Stanislav Malyshev
5ce11c2698 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix bug #67328 (fileinfo: numerous file_printf calls resulting in performance degradation)
  Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS
 2014-05-26 18:03:01 -07:00
Stanislav Malyshev
4005f06df6 Fix bug #67328 (fileinfo: numerous file_printf calls resulting in performance degradation) 
Upstream patch: b8acc83781
 2014-05-26 18:01:17 -07:00
Stanislav Malyshev
57225f09ed Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS 
Upstream fix: f97486ef5d
 2014-05-26 17:45:14 -07:00
Anatol Belski
db960e82b4 updated libmagic.patch 2014-04-24 20:13:47 +02:00
Anatol Belski
d7bb09cc1d backport this piece from 5.6, related to the #66307 fix 2014-04-24 19:50:23 +02:00
Anatol Belski
03fa5501a8 Fixed bug #66307 Fileinfo crashes with powerpoint files 2014-04-24 19:30:34 +02:00
Remi Collet
178eac6c98 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  NEWS
  Fixed Bug #66987 Memory corruption in fileinfo ext (bigendian)
 2014-03-31 16:57:12 +02:00
Remi Collet
2c204a55af Fixed Bug #66987 Memory corruption in fileinfo ext (bigendian) 
On little endian:
	map->p == php_magic_database
	map->magic[i] = pointer into the map

	map->p == NULL
	map->magic[i] = pointer to allocated memory

On big endian (ppc64, s390x, ...):
	map->p != php_magic_database and map->p != NULL
        map->magic[i] = pointer into a copy of the map

Trying to efree pointer in the later cause memory corruption
Thanks to dkatulek / Red Hat for the report.
 2014-03-31 16:50:47 +02:00