Stanislav Malyshev
fc8eff897b
More fixes for bug #70219
2015-08-28 21:50:21 -07:00
Stanislav Malyshev
24dda816d0
Merge branch 'PHP-5.4.45' into PHP-5.5.29
* PHP-5.4.45:
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix for bug #69782
5.4.45 next
Conflicts:
configure.in
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
main/php_version.h
2015-08-25 23:08:49 -07:00
Stanislav Malyshev
df4bf28f9f
Fix bug #70219 (Use after free vulnerability in session deserializer)
2015-08-23 19:56:12 -07:00
Stanislav Malyshev
1744be2d17
Fix for bug #69782
2015-08-16 17:16:15 -07:00
Stanislav Malyshev
69ed3969dd
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_* on unserialize, it messes up references
Fix #69793 - limit what we accept when unserializing exception
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
ignore signatures for packages too
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
Fixed bug #69892
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
Improved fix for Bug #69441
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
Fix bug #70081 : check types for SOAP variables
Conflicts:
.gitignore
ext/date/php_date.c
ext/spl/spl_array.c
ext/spl/spl_observer.c
2015-08-04 14:10:57 -07:00
Stanislav Malyshev
dda81f0505
Fix bug #70019 - limit extracted files to given directory
2015-08-04 14:02:31 -07:00
Stanislav Malyshev
0e09009753
Do not do convert_to_* on unserialize, it messes up references
2015-08-04 13:59:56 -07:00
Stanislav Malyshev
4d2278143a
Fix #69793 - limit what we accept when unserializing exception
2015-08-01 22:02:26 -07:00
Stanislav Malyshev
863bf294fe
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
2015-08-01 22:01:51 -07:00
Stanislav Malyshev
7381b6accc
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
2015-08-01 22:01:40 -07:00
Stanislav Malyshev
c7d3c027d5
ignore signatures for packages too
2015-08-01 22:01:32 -07:00
Stanislav Malyshev
c2e197e4ef
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
2015-08-01 22:01:17 -07:00
Stanislav Malyshev
16023f3e3b
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
2015-07-26 17:43:16 -07:00
Stanislav Malyshev
7a4584d3f6
Improved fix for Bug #69441
2015-07-26 17:31:12 -07:00
Stanislav Malyshev
b7fa67742c
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
2015-07-26 17:25:25 -07:00
Stanislav Malyshev
c96d08b272
Fix bug #70081 : check types for SOAP variables
2015-07-26 16:44:18 -07:00
Stanislav Malyshev
b4b082e63e
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
Better fix for bug #69958
update news
Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepath
Fix bug #69958 - Segfault in Phar::convertToData on invalid file
Conflicts:
ext/mysqlnd/mysqlnd.c
2015-07-07 10:09:34 -07:00
Stanislav Malyshev
545eddba93
Merge branch 'PHP-5.5' of git.php.net:php-src into PHP-5.5
* 'PHP-5.5' of git.php.net:php-src:
add missing second argument for ucfirst to the proto
2015-07-07 10:08:37 -07:00
Stanislav Malyshev
885edfef0a
Better fix for bug #69958
2015-07-07 09:38:31 -07:00
Stanislav Malyshev
97aa752fee
Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
2015-07-07 09:38:31 -07:00
Stanislav Malyshev
6dedeb40db
Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepath
2015-07-07 09:38:31 -07:00
Stanislav Malyshev
bf58162ddf
Fix bug #69958 - Segfault in Phar::convertToData on invalid file
2015-07-07 09:38:30 -07:00
Ferenc Kovacs
b6f5cb11a4
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
add missing second argument for ucfirst to the proto
2015-07-07 15:49:16 +02:00
Ferenc Kovacs
29533ae528
add missing second argument for ucfirst to the proto
2015-07-07 15:48:55 +02:00
Stanislav Malyshev
ed84af4b88
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
Better fix for bug #69958
2015-07-07 00:01:42 -07:00
Stanislav Malyshev
eda31f57fb
Better fix for bug #69958
2015-07-07 00:01:26 -07:00
Stanislav Malyshev
09de64a58d
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
Better fix for bug #69958
2015-07-06 23:03:05 -07:00
Stanislav Malyshev
61b0b80388
Better fix for bug #69958
2015-07-06 22:58:28 -07:00
Stanislav Malyshev
303d97feda
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepath
Fix bug #69958 - Segfault in Phar::convertToData on invalid file
Conflicts:
ext/mysqlnd/mysqlnd.c
2015-07-06 21:52:49 -07:00
Stanislav Malyshev
0d2f147d80
Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
2015-07-06 21:50:01 -07:00
Stanislav Malyshev
3e88d610e5
Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepath
2015-07-04 23:47:48 -07:00
Stanislav Malyshev
452d30cf7d
Fix bug #69958 - Segfault in Phar::convertToData on invalid file
2015-07-04 21:01:50 -07:00
Stanislav Malyshev
8f2e08239f
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
Move strlen() check to php_mail_detect_multiple_crlf()
Fixed Bug #69874 : Can't set empty additional_headers for mail()
2015-06-28 20:23:00 -07:00
Stanislav Malyshev
cd9c39d77c
Merge branch 'pull-request/1350' into PHP-5.4
* pull-request/1350:
Move strlen() check to php_mail_detect_multiple_crlf()
Fixed Bug #69874 : Can't set empty additional_headers for mail()
2015-06-28 20:18:56 -07:00
Anatol Belski
80f9a9725c
fix unknown size of void error
2015-06-25 19:12:26 +02:00
Christoph M. Becker
cd068b1ed6
Made bug44295-win.phpt locale independent
Formerly it failed on non-English installations.
2015-06-24 01:41:33 +02:00
Christoph M. Becker
8da8dc04b6
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
updated NEWS
Fixed bug #69768 (escapeshell*() doesn't cater to !)
bump API version to 6.8
2015-06-24 00:23:39 +02:00
Christoph M. Becker
a621781fdb
Fixed bug #69768 (escapeshell*() doesn't cater to !)
When delayed variable substitution is enabled (can be set in the
Registry, for instance), !ENV! works similarly to %ENV%, and so ! should
be escaped like %.
2015-06-24 00:15:55 +02:00
Christoph M. Becker
23e25f3319
Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the string)
When advancing after empty matches, php_pcre_match_impl() as well as
php_pcre_replace_impl() always have to advance to the next code point when the
u modifier is given, instead of to the next byte.
2015-06-23 19:28:09 +02:00
Christoph M. Becker
a39beaa251
Fixed bug #69864 (Segfault in preg_replace_callback)
When preg_replace_callback() is used, cache entries which are in use must not
be removed. We ensure that by deploying a simple refcounting mechanism.
2015-06-23 13:00:17 +02:00
Yasuo Ohgaki
d263ecd864
Move strlen() check to php_mail_detect_multiple_crlf()
2015-06-19 15:17:56 +09:00
Yasuo Ohgaki
dacea3f6fb
Fixed Bug #69874 : Can't set empty additional_headers for mail()
2015-06-19 12:19:12 +09:00
Xinchen Hui
6a8db93115
Merge branch 'patch-3' of https://github.com/s0ph1e/php-src into PHP-5.5
2015-06-19 09:35:28 +08:00
Christian Wenz
a85156db7d
fixes bug #69835 : phpinfo() does not report many Windows SKUs
2015-06-18 22:01:20 +02:00
Sophia Nepochataya
1edb2e9a10
Remove excess variable in mail.c (5.5 branch)
2015-06-18 20:06:08 +03:00
Lior Kaplan
ca33ae3eb2
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
Fixed bug #69689 (Align PCRE_MINOR with current version)
2015-06-18 17:34:53 +03:00
Lior Kaplan
cc7194dd10
Fixed bug #69689 (Align PCRE_MINOR with current version)
2015-06-18 17:30:21 +03:00
Sara Golemon
d241711f44
Fix buffer growth in sockets/conversion.c
memset() the *end* of the new buffer, not the beginning
Copy the pointer to the buffer, not its initial contents
Fixes bug 69619
2015-06-17 13:34:20 -07:00
Christoph M. Becker
7469c7e7d0
Fixed bug #61221 - imagegammacorrect function loses alpha channel
When applying imagegammacorrect() the alpha channel is now fully retained, instead of being completely lost.
2015-06-17 02:15:59 +02:00
Derick Rethans
558342124e
- Updated to version 2015.5 (2015e)
2015-06-15 10:41:29 +01:00