Anatol Belski
3803bbde24
fix test
2015-04-14 15:20:44 +02:00
Stanislav Malyshev
0cb9d75cb6
Merge branch 'PHP-5.4.40' into PHP-5.5.24
...
* PHP-5.4.40:
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
Fixed bug #68901 (use after free)
Fixed bug #68740 (NULL Pointer Dereference)
Fix bug #66550 (SQLite prepared statement use-after-free)
Better fix for #68601 for perf 81e9a993f2
Fix bug #68601 buffer read overflow in gd_gif_in.c
Revert "Merge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP-5.4"
Fixed bug #69293
Add ZEND_ARG_CALLABLE_INFO to allow internal function to type hint against callable.
2015-04-11 16:56:12 -07:00
Stanislav Malyshev
4435b9142f
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
2015-04-11 16:53:22 -07:00
Stanislav Malyshev
f938112c49
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
2015-04-11 16:53:21 -07:00
Anatol Belski
43652d386a
simplify error handling for dirs as magic
2015-01-22 10:16:13 +01:00
Joshua Rogers
91aa340180
Fixed bug #68827 Double free with disabled ZMM
2015-01-22 09:59:13 +01:00
Xinchen Hui
73c1be2653
Bump year
2015-01-15 23:26:03 +08:00
Anatol Belski
4ed261870f
updated libmagic.patch in 5.5
2015-01-04 17:05:42 +01:00
Anatol Belski
ebb98e7aeb
updated libmagic.patch in 5.4
2015-01-04 17:04:13 +01:00
Anatol Belski
5fe54dbaf9
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Fixed bug #68735 fileinfo out-of-bounds memory access
2015-01-04 14:22:37 +01:00
Anatol Belski
ede59c8feb
Fixed bug #68735 fileinfo out-of-bounds memory access
2015-01-04 14:20:21 +01:00
Anatol Belski
b644dcfb72
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
removed dead code
2015-01-04 09:40:56 +01:00
Remi Collet
919abf0cb1
removed dead code
2015-01-04 09:40:19 +01:00
Anatol Belski
99162b8198
updated libmagic.patch
2014-12-30 20:21:28 +01:00
Anatol Belski
d92a87d7cb
Fixed bug #68671 incorrect expression in libmagic
2014-12-30 19:37:27 +01:00
Anatol Belski
270df3ffd6
updated libmagic.patch in 5.5
2014-10-25 12:01:58 +02:00
Remi Collet
5b295bf191
Fix bug #68283 : fileinfo: out-of-bounds read in elf note headers
...
Upstream commit
39c7ac1106
CVE -2014-3710
(cherry picked from commit 1803228597
)
2014-10-25 11:29:16 +02:00
Remi Collet
1803228597
Fix bug #68283 : fileinfo: out-of-bounds read in elf note headers
...
Upstream commit
39c7ac1106
CVE -2014-3710
2014-10-22 15:37:04 +02:00
Ard Biesheuvel
7958793342
Merge branch 'PHP-5.4' into PHP-5.5
2014-09-20 16:40:02 -07:00
Ard Biesheuvel
e64da8c20d
Fixed bug #66242 (don't assume char is signed)
...
This fixes a bug in libmagic where a cast to 'char' is assumed to result
in sign extension to occur. However, unqualified 'char' is unsigned on
architectures such as ARM, so the cast needs to be to 'signed char'
explicitly.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2014-09-20 16:39:48 -07:00
Stanislav Malyshev
3468f03b6f
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Fix bug #67716 - Segfault in cdf.c
2014-08-14 17:21:29 -07:00
Remi Collet
35f32637b0
Fix bug #67716 - Segfault in cdf.c
2014-08-14 17:21:20 -07:00
Remi Collet
49387b31cf
Fix bug #67716 - Segfault in cdf.c
2014-08-14 17:19:03 -07:00
Andrey Hristov
41e1ccefd5
Merge branch 'PHP-5.4' into PHP-5.5
...
Conflicts:
NEWS
configure.in
main/php_version.h
2014-08-06 15:27:56 +03:00
Stanislav Malyshev
61ec9b5b0f
add test
2014-08-04 00:08:08 -07:00
Stanislav Malyshev
eeaec70758
Fix bug #67705 (extensive backtracking in rule regular expression)
2014-08-04 00:05:40 -07:00
Anatol Belski
4965d1c2ce
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
updated libmagic.patch
2014-07-01 10:27:38 +02:00
Anatol Belski
af5f997a5d
updated libmagic.patch
2014-07-01 10:25:20 +02:00
Remi Collet
12a62ce868
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
NEWS
Fixed Bug #67413 fileinfo: cdf_read_property_info insufficient boundary chec
2014-06-10 14:35:23 +02:00
Remi Collet
25b1dc917a
Fixed Bug #67413 fileinfo: cdf_read_property_info insufficient boundary chec
...
Upstream:
93e063ee37
Adapted for C standard.
2014-06-10 14:33:37 +02:00
Remi Collet
ff66c90af0
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
NEWS
Bug #67412 fileinfo: cdf_count_chain insufficient boundary check
2014-06-10 14:23:37 +02:00
Remi Collet
40ef6e07e0
Bug #67412 fileinfo: cdf_count_chain insufficient boundary check
...
Upstream:
40bade80cb
2014-06-10 14:22:04 +02:00
Remi Collet
f6fee381be
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
NEWS
Fixed Bug #67411 fileinfo: cdf_check_stream_offset insufficient boundary check
2014-06-10 14:16:07 +02:00
Remi Collet
5c9f967999
Fixed Bug #67411 fileinfo: cdf_check_stream_offset insufficient boundary check
...
Upstream:
36fadd2984
2014-06-10 14:13:14 +02:00
Remi Collet
18ff81eb1a
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
NEWS
Fixed Bug #67410 fileinfo: mconvert incorrect handling of truncated pascal string size
2014-06-10 14:04:36 +02:00
Remi Collet
e77659a8c8
Fixed Bug #67410 fileinfo: mconvert incorrect handling of truncated pascal string size
...
Upstream
27a14bc7ba
2014-06-10 14:02:36 +02:00
Remi Collet
2d59b87527
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
NEWS
Fix bug #67326 fileinfo: cdf_read_short_sector insufficient boundary check
2014-06-03 11:09:04 +02:00
Remi Collet
4fcb9a9d1b
Fix bug #67326 fileinfo: cdf_read_short_sector insufficient boundary check
...
Upstream fix 6d209c1c48
.patch
Only revelant part applied
2014-06-03 11:05:00 +02:00
Anatol Belski
546797f329
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
updated libmagic.patch for 5.4+
Conflicts:
ext/fileinfo/libmagic.patch
2014-05-27 22:38:02 +02:00
Anatol Belski
d2765e4b8c
updated libmagic.patch for 5.4+
2014-05-27 22:36:12 +02:00
Anatol Belski
d184f07b3c
backport this piece from 5.6, related to the #66307 fix
2014-05-26 18:05:13 -07:00
Anatol Belski
15ee33eb21
Fixed bug #66307 Fileinfo crashes with powerpoint files
2014-05-26 18:04:27 -07:00
Stanislav Malyshev
5ce11c2698
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Fix bug #67328 (fileinfo: numerous file_printf calls resulting in performance degradation)
Fix bug #67327 : fileinfo: CDF infinite loop in nelements DoS
2014-05-26 18:03:01 -07:00
Stanislav Malyshev
4005f06df6
Fix bug #67328 (fileinfo: numerous file_printf calls resulting in performance degradation)
...
Upstream patch: b8acc83781
2014-05-26 18:01:17 -07:00
Stanislav Malyshev
57225f09ed
Fix bug #67327 : fileinfo: CDF infinite loop in nelements DoS
...
Upstream fix: f97486ef5d
2014-05-26 17:45:14 -07:00
Anatol Belski
db960e82b4
updated libmagic.patch
2014-04-24 20:13:47 +02:00
Anatol Belski
d7bb09cc1d
backport this piece from 5.6, related to the #66307 fix
2014-04-24 19:50:23 +02:00
Anatol Belski
03fa5501a8
Fixed bug #66307 Fileinfo crashes with powerpoint files
2014-04-24 19:30:34 +02:00
Remi Collet
178eac6c98
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
NEWS
Fixed Bug #66987 Memory corruption in fileinfo ext (bigendian)
2014-03-31 16:57:12 +02:00
Remi Collet
2c204a55af
Fixed Bug #66987 Memory corruption in fileinfo ext (bigendian)
...
On little endian:
map->p == php_magic_database
map->magic[i] = pointer into the map
map->p == NULL
map->magic[i] = pointer to allocated memory
On big endian (ppc64, s390x, ...):
map->p != php_magic_database and map->p != NULL
map->magic[i] = pointer into a copy of the map
Trying to efree pointer in the later cause memory corruption
Thanks to dkatulek / Red Hat for the report.
2014-03-31 16:50:47 +02:00