summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* 5.5.38 is the last release. EOLingPHP-5.5Julien Pauli2016-07-203-5/+5
|
* Update NEWSStanislav Malyshev2016-07-191-2/+39
|
* Improve fix for #72520Stanislav Malyshev2016-07-191-2/+2
|
* improve fix #72558, while (u>=0) with unsigned int will always be truePierre Joye2016-07-191-3/+4
|
* Fix memory leakStanislav Malyshev2016-07-191-0/+1
|
* Merge branch 'PHP-5.5' of git.php.net:php-src into PHP-5.5Stanislav Malyshev2016-07-190-0/+0
|\ | | | | | | | | * 'PHP-5.5' of git.php.net:php-src: fix #72519, possible OOB using imagegif
| * fix #72519, possible OOB using imagegifPierre Joye2016-07-191-2/+16
| | | | | | | | fix #72519, possible OOB using imagegif
* | fix #72519, possible OOB using imagegifPierre Joye2016-07-191-2/+16
| |
* | fix #72512, invalid read or write for palette image when invalid transparent ↵Pierre Joye2016-07-193-3/+26
| | | | | | | | | | | | | | index is used Conflicts: ext/gd/libgd/gd.c
* | Apparently some envs miss SIZE_MAXStanislav Malyshev2016-07-191-0/+3
| |
* | Merge branch 'PHP-5.5.38' into PHP-5.5Stanislav Malyshev2016-07-1828-228/+538
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.5.38: Fix tests Fix bug #72618: NULL Pointer Dereference in exif_process_user_comment Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c Fix for bug #72558, Integer overflow error within _gdContributionsAlloc() Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE Fix bug #72562 - destroy var_hash properly Fix bug #72533 (locale_accept_from_http out-of-bounds access) Fix fir bug #72520 Fix for bug #72513 CS fix and comments with bug ID Fix for HTTP_PROXY issue. add tests for bug #72512 Fixed bug #72512 gdImageTrueColorToPaletteBody allows arbitrary write/read access Fixed bug #72479 - same as #72434
| * Fix testsStanislav Malyshev2016-07-182-7/+5
| |
| * Fix bug #72618: NULL Pointer Dereference in exif_process_user_commentStanislav Malyshev2016-07-183-6/+22
| |
| * Partial fix for bug #72613 - do not treat negative returns from bz2 as size_tStanislav Malyshev2016-07-183-38/+65
| |
| * Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.cStanislav Malyshev2016-07-182-25/+38
| |
| * Fix for bug #72558, Integer overflow error within _gdContributionsAlloc()Stanislav Malyshev2016-07-182-48/+70
| |
| * Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTEStanislav Malyshev2016-07-173-2/+31
| |
| * Fix bug #72562 - destroy var_hash properlyStanislav Malyshev2016-07-122-1/+46
| |
| * Fix bug #72533 (locale_accept_from_http out-of-bounds access)Stanislav Malyshev2016-07-122-0/+48
| |
| * Fix fir bug #72520Stanislav Malyshev2016-07-121-4/+4
| |
| * Fix for bug #72513Stanislav Malyshev2016-07-121-4/+4
| |
| * CS fix and comments with bug IDStanislav Malyshev2016-07-122-3/+4
| |
| * Fix for HTTP_PROXY issue.Stanislav Malyshev2016-07-104-48/+76
| | | | | | | | | | | | | | | | | | The following changes are made: - _SERVER/_ENV only has HTTP_PROXY if the local environment has it, and only one from the environment. - getenv('HTTP_PROXY') only returns one from the local environment - getenv has optional second parameter, telling it to only consider local environment
| * add tests for bug #72512Anatol Belski2016-07-062-0/+36
| |
| * Fixed bug #72512 gdImageTrueColorToPaletteBody allows arbitrary write/read ↵Pierre Joye2016-07-041-5/+8
| | | | | | | | access
| * Fixed bug #72479 - same as #72434Stanislav Malyshev2016-06-262-40/+84
| |
* | Extend libxml exportsAnatol Belski2016-07-141-0/+2
| | | | | | | | | | These are needed to support libxslt 1.1.29 on Windows. This libxslt version fixes CVE-2015-7995 and for this reason needs to be used.
* | Updated NEWSJulien Pauli2016-07-081-1/+4
| |
* | Fix #69975: PHP segfaults when accessing nvarchar(max) defined columnsChristoph M. Becker2016-07-082-0/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The SQL Server Native Client 11.0 and maybe other ODBC drivers report NVARCHAR(MAX) columns as SQL_WVARCHAR with size 0. This causes too small a buffer to be emalloc'd, likely causing a segfault in the following. As we don't know the real size of the column data, we treat such colums as SQL_WLONGVARCHAR. The related bug #67437 suggests that some drivers report a size of ~4GB. It is not certain that this is really the case (there might be some integer overflow involved, and anyway, there has been no feedback), so we do not cater for this now. However, it would not be hard to treat all sizes above a certain threshold in a similar way, i.e. as SQL_WLONGVARCHAR. (cherry picked from commit 16db4d1462bf3eacb93c0cd940f799160a284b24) (cherry picked from commit 344ff5dd4c538eaebea075f7705321f8b86d0b47)
* | Updated NEWSJulien Pauli2016-07-081-1/+2
| |
* | Merge branch 'pull-request/1982' into PHP-5.5Julien Pauli2016-07-081-17/+24
|\ \ | | | | | | | | | | | | * pull-request/1982: Update PHP 5.5 NEWS entries with CVE info
| * | Update PHP 5.5 NEWS entries with CVE infoLior Kaplan2016-07-041-17/+24
| | |
* | | Fix bug #70480 (php_url_parse_ex() buffer overflow read)Stanislav Malyshev2016-07-051-1/+1
|/ / | | | | | | (cherry picked from commit 629e4da7cc8b174acdeab84969cbfc606a019b31)
* | Fix the fix for #72403 on nl2brStanislav Malyshev2016-06-271-1/+1
|/
* 5.5.38 nowJulien Pauli2016-06-213-5/+9
|
* remove the huge test file, generate it on the fly insteadAnatol Belski2016-06-212-1/+23
|
* Now the right bug #Stanislav Malyshev2016-06-211-1/+1
|
* Fix NEWSStanislav Malyshev2016-06-211-2/+2
|
* iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() ↵Stanislav Malyshev2016-06-202-9/+15
| | | | resulting in heap overflow
* update NEWSStanislav Malyshev2016-06-201-1/+30
|
* Merge branch 'PHP-5.5.37' into PHP-5.5Stanislav Malyshev2016-06-2020-246/+449
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.5.37: fix tests fix build Fix bug #72455: Heap Overflow due to integer overflows Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize Fix bug #72407: NULL Pointer Dereference at _gdScaleVert Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free Fix bug #72298 pass2_no_dither out-of-bounds access Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow Fix bug #72262 - do not overflow int Fix bug #72400 and #72403 - prevent signed int overflows for string lengths Fix bug #72275: don't allow smart_str to overflow int Fix bug #72340: Double Free Courruption in wddx_deserialize
| * fix testsStanislav Malyshev2016-06-201-1/+1
| |
| * fix buildStanislav Malyshev2016-06-201-1/+1
| |
| * Fix bug #72455: Heap Overflow due to integer overflowsStanislav Malyshev2016-06-201-42/+50
| |
| * Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC ↵Stanislav Malyshev2016-06-202-0/+42
| | | | | | | | algorithm and unserialize
| * Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and ↵Stanislav Malyshev2016-06-203-1/+44
| | | | | | | | unserialize
| * Fix bug #72407: NULL Pointer Dereference at _gdScaleVertStanislav Malyshev2016-06-181-0/+3
| |
| * Fix bug #72402: _php_mb_regex_ereg_replace_exec - double freeStanislav Malyshev2016-06-182-33/+49
| |
| * Fix bug #72298 pass2_no_dither out-of-bounds accessStanislav Malyshev2016-06-182-7/+22
| |
| * Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflowPierre Joye2016-06-183-0/+18
| |
View Lorry Controller Status