Stanislav Malyshev
630f9c33c2
Fix bug #68594 - Use after free vulnerability in unserialize()
2014-12-16 10:15:17 -08:00
Andrea Faulds
034e6decb3
Fix undefined behaviour in strnatcmp
2014-12-13 22:27:10 +00:00
Stanislav Malyshev
97df260b27
update NEWS
2014-12-11 10:41:17 -08:00
Anatol Belski
0323f66fa2
move the test to the right place
2014-12-11 10:39:47 -08:00
Anatol Belski
13f1c276ab
Fixed bug #68545 NULL pointer dereference in unserialize.c
2014-12-11 10:39:37 -08:00
Dmitry Stogov
dd791cd717
Fixed possible read after end of buffer and use after free.
2014-12-08 12:18:27 +03:00
Chris Christoff
0e985d3726
Revert unintentional docblock change
...
Revert unintentional docblock change
It looks like commit dd8e59da8f
introduced an unintended docbloc change. I have reverted this
change in this commit.
2014-12-05 13:57:03 -08:00
Ferenc Kovacs
b28c3eb47e
make sure that we don't truncate the stack trace and cause false test failures when the test is executed in a directory with long path
2014-12-02 19:17:58 +01:00
Stanislav Malyshev
84be568366
update news
2014-11-30 21:37:39 -08:00
Leigh
301b7f990a
Apply error-code-salt fix to Windows too
...
Conflicts:
ext/standard/crypt.c
2014-11-30 21:07:31 -08:00
Leigh
7e870c596d
Bug fixes in light of failing bcrypt tests
...
Conflicts:
ext/standard/crypt.c
2014-11-30 21:06:39 -08:00
Leigh
2d9d10fbbf
Add tests from 1.3. Add missing tests.
...
3 of the missing tests fail. // TODO
2014-11-30 21:05:40 -08:00
Leigh
29f51e1ca9
Upgrade crypt_blowfish to version 1.3
2014-11-30 21:05:32 -08:00
Stanislav Malyshev
7dbc5e5c69
update for LiteSpeed
2014-11-23 18:05:26 -08:00
Stanislav Malyshev
96cde1841a
Revert "made lsapi_main.c compatible with PHP7/phpng ."
...
This reverts commit 9fb816f45a
.
Not a security-related fix.
2014-11-22 00:38:04 -08:00
George Wang
9fb816f45a
made lsapi_main.c compatible with PHP7/phpng .
2014-11-20 16:49:01 -05:00
Stanislav Malyshev
98b22864ff
5.4.36-dev
2014-11-11 16:31:38 -08:00
Matteo Beccati
2323e95df9
Fixed bug #66584 Segmentation fault on statement deallocation
2014-11-11 16:25:31 -08:00
Ferenc Kovacs
db5ad4c51f
update NEWS
2014-11-12 00:18:13 +01:00
Dmitry Stogov
9dfa843a38
Partial fix for bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy)
2014-11-07 09:46:49 +03:00
Stanislav Malyshev
0ddcf2a919
update NEWS
2014-11-03 11:43:15 -08:00
Remi Collet
7740edae36
Fix bug #63595 GMP memory management conflicts with other libraries using GMP
...
Drop use of php memory allocators as this raise various conflicts
with other extensions and libraries which use libgmp.
No other solution found.
We cannot for ensure correct use of allocator with shared lib.
Some memory can allocated before php init
Some memory can be freed after php shutdown
Known broken run cases
- php + curl + gnutls + gmp
- mod_gnutls + mod_php + gnutls + gmp
- php + freetds + gnutls + gmp
- php + odbc + freetds + gnutls + gmp
- php + php-mapi (zarafa) + gnutls + gmp
2014-11-03 11:42:15 -08:00
Stanislav Malyshev
c351b47ce8
Initialize the offset table - PCRE may sometimes miss offsets
2014-11-03 11:31:02 -08:00
George Wang
1a2ec3fc60
set default response code to 200
2014-11-03 11:42:01 -05:00
Stanislav Malyshev
4d54c4bdf0
fix NEWS & version
2014-10-22 13:16:29 -07:00
Remi Collet
de4fff0fb3
NEWS
2014-10-22 15:39:49 +02:00
Remi Collet
1803228597
Fix bug #68283 : fileinfo: out-of-bounds read in elf note headers
...
Upstream commit
39c7ac1106
CVE -2014-3710
2014-10-22 15:37:04 +02:00
Stanislav Malyshev
287c91c1f0
Fix bug #68113 (Heap corruption in exif_thumbnail())
2014-10-13 23:17:45 -07:00
Stanislav Malyshev
ab0939e5e5
Fix bug #68089 - do not accept options with embedded \0
...
Conflicts:
ext/curl/interface.c
2014-10-13 23:16:06 -07:00
Stanislav Malyshev
56754a7f9e
Fixed bug #68044 : Integer overflow in unserialize() (32-bits only)
2014-10-13 23:14:25 -07:00
Stanislav Malyshev
88412772d2
Fix bug #68027 - fix date parsing in XMLRPC lib
2014-10-13 23:12:11 -07:00
Ard Biesheuvel
82b07b62c0
update NEWS
...
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2014-10-10 11:40:07 +02:00
George Wang
26ff3a4c1e
Fixed a bug that causes crash when environment variable is access while parsing php.ini
2014-10-03 16:41:32 -04:00
Sara Golemon
4e7b31a0db
Add hash to EXTENSIONS file
2014-10-02 18:54:46 -07:00
Matthew Daley
fcbe20d357
Set an LDAP error code when failing ldap_bind due to null bytes
...
Some applications check a LDAP link's error code after seeing ldap_bind
fail due to a null byte bind attempt and hence incorrectly receive the
last set error code.
Fix by setting an LDAP error code before returning in this case.
2014-09-28 12:23:52 -07:00
Johannes Schlüter
2711948d14
This test should pass
2014-09-27 02:17:26 +02:00
Derick Rethans
16e2d954fc
- Updated to version 2014.8 (2014h)
2014-09-26 16:26:59 +01:00
Stanislav Malyshev
28ed0119ac
update NEWS
2014-09-26 00:55:49 -07:00
Stanislav Malyshev
408b172017
Revert xp_ssl.c to the state of 5.4.32 due to regressions
2014-09-26 00:44:24 -07:00
Ard Biesheuvel
e64da8c20d
Fixed bug #66242 (don't assume char is signed)
...
This fixes a bug in libmagic where a cast to 'char' is assumed to result
in sign extension to occur. However, unqualified 'char' is unsigned on
architectures such as ARM, so the cast needs to be to 'signed char'
explicitly.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2014-09-20 16:39:48 -07:00
Matteo Beccati
00525b824a
Fixed freetype test on multiple environments
...
Some environments, apparently regardless to the freetype version, output 155, while others 156. I guess we can accept both ;)
This reverts commit 592df89027
.
2014-09-16 10:19:29 +02:00
Remi Collet
2775dc2b44
Fix NEWS
...
- #65641 mod_proxy-fcgi is not fixed (still open)
- #67606 mod_fastcgi is fixed in ee275e34c8
2014-09-15 08:23:25 +02:00
Daniel Lowrey
372844918a
Bug #41631 : Fix regression from first attempt ( 6569db8
)
2014-09-09 09:01:42 -06:00
Daniel Lowrey
f86b2193a4
Bug #67965 : Fix blocking behavior in non-blocking crypto streams
2014-09-09 07:37:57 -06:00
Tjerk Meesters
99f0760bfb
Fixed #67985 - Incorrect last used array index copied to new array after unset
...
In master zend_array_dup() is used to do this properly; this is a workaround.
2014-09-09 17:58:45 +08:00
George Wang
d2e1a04b10
Fine tuned the order of adding request variables.
2014-09-08 23:58:05 -04:00
George Wang
582f42b8d4
Update LSAPI to 6.7, added support for 'filter_input'.
...
Fixed a crash in CLI mode.
2014-09-03 11:24:45 -04:00
Matteo Beccati
592df89027
Fixed test with freetype >= 2.4.12
2014-09-03 09:43:29 +02:00
Stanislav Malyshev
5e95b61639
5.4.34 is next
2014-09-02 15:03:04 -07:00
Stanislav Malyshev
fe551c089a
Revert "Fix bug #67644 - Memory corruption & crash during ob_start function callback"
...
This reverts commit 53fa6c5b6b
.
The change breaks tests, so not putting it into 5.4.
2014-09-02 14:15:39 -07:00