Commit Graph

71068 Commits

Author SHA1 Message Date
Stanislav Malyshev
630f9c33c2 Fix bug #68594 - Use after free vulnerability in unserialize() 2014-12-16 10:15:17 -08:00
Andrea Faulds
034e6decb3 Fix undefined behaviour in strnatcmp 2014-12-13 22:27:10 +00:00
Stanislav Malyshev
97df260b27 update NEWS 2014-12-11 10:41:17 -08:00
Anatol Belski
0323f66fa2 move the test to the right place 2014-12-11 10:39:47 -08:00
Anatol Belski
13f1c276ab Fixed bug #68545 NULL pointer dereference in unserialize.c 2014-12-11 10:39:37 -08:00
Dmitry Stogov
dd791cd717 Fixed possible read after end of buffer and use after free. 2014-12-08 12:18:27 +03:00
Chris Christoff
0e985d3726 Revert unintentional docblock change

It looks like commit dd8e59da8f
introduced an unintended docblock change. I have reverted this
change in this commit.
2014-12-05 13:57:03 -08:00
Ferenc Kovacs
b28c3eb47e make sure that we don't truncate the stack trace and cause false test failures when the test is executed in a directory with long path 2014-12-02 19:17:58 +01:00
Stanislav Malyshev
84be568366 update news 2014-11-30 21:37:39 -08:00
Leigh
301b7f990a Apply error-code-salt fix to Windows too
Conflicts:
	ext/standard/crypt.c
2014-11-30 21:07:31 -08:00
Leigh
7e870c596d Bug fixes in light of failing bcrypt tests
Conflicts:
	ext/standard/crypt.c
2014-11-30 21:06:39 -08:00
Leigh
2d9d10fbbf Add tests from 1.3. Add missing tests.
3 of the missing tests fail. // TODO
2014-11-30 21:05:40 -08:00
Leigh
29f51e1ca9 Upgrade crypt_blowfish to version 1.3 2014-11-30 21:05:32 -08:00
Stanislav Malyshev
7dbc5e5c69 update for LiteSpeed 2014-11-23 18:05:26 -08:00
Stanislav Malyshev
96cde1841a Revert "made lsapi_main.c compatible with PHP7/phpng ."
This reverts commit 9fb816f45a.
Not a security-related fix.
2014-11-22 00:38:04 -08:00
George Wang
9fb816f45a made lsapi_main.c compatible with PHP7/phpng . 2014-11-20 16:49:01 -05:00
Stanislav Malyshev
98b22864ff 5.4.36-dev 2014-11-11 16:31:38 -08:00
Matteo Beccati
2323e95df9 Fixed bug #66584 Segmentation fault on statement deallocation 2014-11-11 16:25:31 -08:00
Ferenc Kovacs
db5ad4c51f update NEWS 2014-11-12 00:18:13 +01:00
Dmitry Stogov
9dfa843a38 Partial fix for bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy) 2014-11-07 09:46:49 +03:00
Stanislav Malyshev
0ddcf2a919 update NEWS 2014-11-03 11:43:15 -08:00
Remi Collet
7740edae36 Fix bug #63595 GMP memory management conflicts with other libraries using GMP
Drop use of php memory allocators as this raises various conflicts
with other extensions and libraries which use libgmp.

No other solution found.
We cannot ensure correct use of allocator with shared lib.

Some memory can be allocated before php init
Some memory can be freed after php shutdown

Known broken run cases
- php + curl + gnutls + gmp
- mod_gnutls + mod_php + gnutls + gmp
- php + freetds + gnutls + gmp
- php + odbc + freetds + gnutls + gmp
- php + php-mapi (zarafa) + gnutls + gmp
2014-11-03 11:42:15 -08:00
Stanislav Malyshev
c351b47ce8 Initialize the offset table - PCRE may sometimes miss offsets 2014-11-03 11:31:02 -08:00
George Wang
1a2ec3fc60 set default response code to 200 2014-11-03 11:42:01 -05:00
Stanislav Malyshev
4d54c4bdf0 fix NEWS & version 2014-10-22 13:16:29 -07:00
Remi Collet
de4fff0fb3 NEWS 2014-10-22 15:39:49 +02:00
Remi Collet
1803228597 Fix bug #68283: fileinfo: out-of-bounds read in elf note headers
Upstream commit
39c7ac1106

CVE-2014-3710
2014-10-22 15:37:04 +02:00
Stanislav Malyshev
287c91c1f0 Fix bug #68113 (Heap corruption in exif_thumbnail()) 2014-10-13 23:17:45 -07:00
Stanislav Malyshev
ab0939e5e5 Fix bug #68089 - do not accept options with embedded \0
Conflicts:
	ext/curl/interface.c
2014-10-13 23:16:06 -07:00
Stanislav Malyshev
56754a7f9e Fixed bug #68044: Integer overflow in unserialize() (32-bits only) 2014-10-13 23:14:25 -07:00
Stanislav Malyshev
88412772d2 Fix bug #68027 - fix date parsing in XMLRPC lib 2014-10-13 23:12:11 -07:00
Ard Biesheuvel
82b07b62c0 update NEWS
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2014-10-10 11:40:07 +02:00
George Wang
26ff3a4c1e Fixed a bug that causes crash when environment variable is accessed while parsing php.ini 2014-10-03 16:41:32 -04:00
Sara Golemon
4e7b31a0db Add hash to EXTENSIONS file 2014-10-02 18:54:46 -07:00
Matthew Daley
fcbe20d357 Set an LDAP error code when failing ldap_bind due to null bytes
Some applications check a LDAP link's error code after seeing ldap_bind
fail due to a null byte bind attempt and hence incorrectly receive the
last set error code.

Fix by setting an LDAP error code before returning in this case.
2014-09-28 12:23:52 -07:00
Johannes Schlüter
2711948d14 This test should pass 2014-09-27 02:17:26 +02:00
Derick Rethans
16e2d954fc - Updated to version 2014.8 (2014h) 2014-09-26 16:26:59 +01:00
Stanislav Malyshev
28ed0119ac update NEWS 2014-09-26 00:55:49 -07:00
Stanislav Malyshev
408b172017 Revert xp_ssl.c to the state of 5.4.32 due to regressions 2014-09-26 00:44:24 -07:00
Ard Biesheuvel
e64da8c20d Fixed bug #66242 (don't assume char is signed)
This fixes a bug in libmagic where a cast to 'char' is assumed to result
in sign extension. However, unqualified 'char' is unsigned on
architectures such as ARM, so the cast needs to be to 'signed char'
explicitly.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2014-09-20 16:39:48 -07:00
Matteo Beccati
00525b824a Fixed freetype test on multiple environments
Some environments, apparently regardless of the freetype version, output 155, while others 156. I guess we can accept both ;)

This reverts commit 592df89027.
2014-09-16 10:19:29 +02:00
Remi Collet
2775dc2b44 Fix NEWS
- #65641 mod_proxy-fcgi is not fixed (still open)
- #67606 mod_fastcgi is fixed in ee275e34c8
2014-09-15 08:23:25 +02:00
Daniel Lowrey
372844918a Bug #41631: Fix regression from first attempt (6569db8) 2014-09-09 09:01:42 -06:00
Daniel Lowrey
f86b2193a4 Bug #67965: Fix blocking behavior in non-blocking crypto streams 2014-09-09 07:37:57 -06:00
Tjerk Meesters
99f0760bfb Fixed #67985 - Incorrect last used array index copied to new array after unset
In master zend_array_dup() is used to do this properly; this is a workaround.
2014-09-09 17:58:45 +08:00
George Wang
d2e1a04b10 Fine tuned the order of adding request variables. 2014-09-08 23:58:05 -04:00
George Wang
582f42b8d4 Update LSAPI to 6.7, added support for 'filter_input'.
Fixed a crash in CLI mode.
2014-09-03 11:24:45 -04:00
Matteo Beccati
592df89027 Fixed test with freetype >= 2.4.12 2014-09-03 09:43:29 +02:00
Stanislav Malyshev
5e95b61639 5.4.34 is next 2014-09-02 15:03:04 -07:00
Stanislav Malyshev
fe551c089a Revert "Fix bug #67644 - Memory corruption & crash during ob_start function callback"
This reverts commit 53fa6c5b6b.
The change breaks tests, so not putting it into 5.4.
2014-09-02 14:15:39 -07:00