clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-25 11:57:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
77,182 Commits 493 Branches 1,366 Tags 849 MiB
fc8eff897b
Commit Graph

33251 Commits

Author SHA1 Message Date
Stanislav Malyshev
fc8eff897b More fixes for bug #70219 2015-08-28 21:50:21 -07:00
Stanislav Malyshev
24dda816d0 Merge branch 'PHP-5.4.45' into PHP-5.5.29 
* PHP-5.4.45:
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  5.4.45 next

Conflicts:
	configure.in
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_version.h
 2015-08-25 23:08:49 -07:00
Stanislav Malyshev
df4bf28f9f Fix bug #70219 (Use after free vulnerability in session deserializer) 2015-08-23 19:56:12 -07:00
Stanislav Malyshev
1744be2d17 Fix for bug #69782 2015-08-16 17:16:15 -07:00
Stanislav Malyshev
69ed3969dd Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	.gitignore
	ext/date/php_date.c
	ext/spl/spl_array.c
	ext/spl/spl_observer.c
 2015-08-04 14:10:57 -07:00
Stanislav Malyshev
dda81f0505 Fix bug #70019 - limit extracted files to given directory 2015-08-04 14:02:31 -07:00
Stanislav Malyshev
0e09009753 Do not do convert_to_* on unserialize, it messes up references 2015-08-04 13:59:56 -07:00
Stanislav Malyshev
4d2278143a Fix #69793 - limit what we accept when unserializing exception 2015-08-01 22:02:26 -07:00
Stanislav Malyshev
863bf294fe Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList) 2015-08-01 22:01:51 -07:00
Stanislav Malyshev
7381b6accc Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject 2015-08-01 22:01:40 -07:00
Stanislav Malyshev
c7d3c027d5 ignore signatures for packages too 2015-08-01 22:01:32 -07:00
Stanislav Malyshev
c2e197e4ef Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage 2015-08-01 22:01:17 -07:00
Stanislav Malyshev
16023f3e3b Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes 2015-07-26 17:43:16 -07:00
Stanislav Malyshev
7a4584d3f6 Improved fix for Bug #69441 2015-07-26 17:31:12 -07:00
Stanislav Malyshev
b7fa67742c Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items) 2015-07-26 17:25:25 -07:00
Stanislav Malyshev
c96d08b272 Fix bug #70081: check types for SOAP variables 2015-07-26 16:44:18 -07:00
Stanislav Malyshev
b4b082e63e Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Better fix for bug #69958
  update news
  Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
  Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepath
  Fix bug #69958 - Segfault in Phar::convertToData on invalid file

Conflicts:
	ext/mysqlnd/mysqlnd.c
 2015-07-07 10:09:34 -07:00
Stanislav Malyshev
545eddba93 Merge branch 'PHP-5.5' of git.php.net:php-src into PHP-5.5 
* 'PHP-5.5' of git.php.net:php-src:
  add missing second argument for ucfirst to the proto
 2015-07-07 10:08:37 -07:00
Stanislav Malyshev
885edfef0a Better fix for bug #69958 2015-07-07 09:38:31 -07:00
Stanislav Malyshev
97aa752fee Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM) 2015-07-07 09:38:31 -07:00
Stanislav Malyshev
6dedeb40db Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepath 2015-07-07 09:38:31 -07:00
Stanislav Malyshev
bf58162ddf Fix bug #69958 - Segfault in Phar::convertToData on invalid file 2015-07-07 09:38:30 -07:00
Ferenc Kovacs
b6f5cb11a4 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  add missing second argument for ucfirst to the proto
 2015-07-07 15:49:16 +02:00
Ferenc Kovacs
29533ae528 add missing second argument for ucfirst to the proto 2015-07-07 15:48:55 +02:00
Stanislav Malyshev
ed84af4b88 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Better fix for bug #69958
 2015-07-07 00:01:42 -07:00
Stanislav Malyshev
eda31f57fb Better fix for bug #69958 2015-07-07 00:01:26 -07:00
Stanislav Malyshev
09de64a58d Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Better fix for bug #69958
 2015-07-06 23:03:05 -07:00
Stanislav Malyshev
61b0b80388 Better fix for bug #69958 2015-07-06 22:58:28 -07:00
Stanislav Malyshev
303d97feda Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
  Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepath
  Fix bug #69958 - Segfault in Phar::convertToData on invalid file

Conflicts:
	ext/mysqlnd/mysqlnd.c
 2015-07-06 21:52:49 -07:00
Stanislav Malyshev
0d2f147d80 Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM) 2015-07-06 21:50:01 -07:00
Stanislav Malyshev
3e88d610e5 Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepath 2015-07-04 23:47:48 -07:00
Stanislav Malyshev
452d30cf7d Fix bug #69958 - Segfault in Phar::convertToData on invalid file 2015-07-04 21:01:50 -07:00
Stanislav Malyshev
8f2e08239f Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Move strlen() check to php_mail_detect_multiple_crlf()
  Fixed Bug #69874 : Can't set empty additional_headers for mail()
 2015-06-28 20:23:00 -07:00
Stanislav Malyshev
cd9c39d77c Merge branch 'pull-request/1350' into PHP-5.4 
* pull-request/1350:
  Move strlen() check to php_mail_detect_multiple_crlf()
  Fixed Bug #69874 : Can't set empty additional_headers for mail()
 2015-06-28 20:18:56 -07:00
Anatol Belski
80f9a9725c fix unknown size of void error 2015-06-25 19:12:26 +02:00
Christoph M. Becker
cd068b1ed6 Made bug44295-win.phpt locale independent 
Formerly it failed on non English installations.
 2015-06-24 01:41:33 +02:00
Christoph M. Becker
8da8dc04b6 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  updated NEWS
  Fixed bug #69768 (escapeshell*() doesn't cater to !)
  bump API version to 6.8
 2015-06-24 00:23:39 +02:00
Christoph M. Becker
a621781fdb Fixed bug #69768 (escapeshell*() doesn't cater to !) 
When delayed variable substitution is enabled (can be set in the
Registry, for instance), !ENV! works similar to %ENV%, and so ! should
be escaped like %.
 2015-06-24 00:15:55 +02:00
Christoph M. Becker
23e25f3319 Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the string) 
When advancing after empty matches, php_pcre_match_impl() as well as
php_pcre_replace_impl() always have to advance to the next code point when the
u modifier is given, instead of to the next byte.
 2015-06-23 19:28:09 +02:00
Christoph M. Becker
a39beaa251 Fixed bug #69864 (Segfault in preg_replace_callback) 
When preg_replace_callback() is used, cache entries which are in use must not
be removed. We ensure that by deploying a simple refcounting mechanism.
 2015-06-23 13:00:17 +02:00
Yasuo Ohgaki
d263ecd864 Move strlen() check to php_mail_detect_multiple_crlf() 2015-06-19 15:17:56 +09:00
Yasuo Ohgaki
dacea3f6fb Fixed Bug #69874 : Can't set empty additional_headers for mail() 2015-06-19 12:19:12 +09:00
Xinchen Hui
6a8db93115 Merge branch 'patch-3' of https://github.com/s0ph1e/php-src into PHP-5.5 2015-06-19 09:35:28 +08:00
Christian Wenz
a85156db7d fixes bug #69835: phpinfo() does not report many Windows SKUs 2015-06-18 22:01:20 +02:00
Sophia Nepochataya
1edb2e9a10 Remove excess variable in mail.c (5.5 branch) 2015-06-18 20:06:08 +03:00
Lior Kaplan
ca33ae3eb2 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fixed bug #69689 (Align PCRE_MINOR with current version)
 2015-06-18 17:34:53 +03:00
Lior Kaplan
cc7194dd10 Fixed bug #69689 (Align PCRE_MINOR with current version) 2015-06-18 17:30:21 +03:00
Sara Golemon
d241711f44 Fix buffer growth in sockets/conversion.c 
memset() the *end* of the new buffer, not the beginning
Copy the pointer to the buffer, not its initial contents

Fixes bug 69619
 2015-06-17 13:34:20 -07:00
Christoph M. Becker
7469c7e7d0 Fixed bug #61221 - imagegammacorrect function loses alpha channel 
When applying imagegammacorrect() the alpha channel is now fully retained, instead of being completely lost.
 2015-06-17 02:15:59 +02:00
Derick Rethans
558342124e - Updated to version 2015.5 (2015e) 2015-06-15 10:41:29 +01:00