summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* 5.6.13php-5.6.13PHP-5.6.13Ferenc Kovacs2015-09-032-3/+3
|
* update NEWSFerenc Kovacs2015-09-031-1/+29
|
* Merge branch 'PHP-5.6'Matteo Beccati2015-09-031-0/+2
| | | | | * PHP-5.6: Added missing skipif for phar+zlib test
* Merge branch 'PHP-5.5' into PHP-5.6Stanislav Malyshev2015-09-033-3/+52
| | | | | * PHP-5.5: More fixes for bug #70219
* Merge branch 'PHP-5.5' into PHP-5.6Stanislav Malyshev2015-09-033-3/+3
| | | | | * PHP-5.5: fix unit tests
* Merge branch '70284' into PHP-5.6Stanislav Malyshev2015-09-032-5/+55
| | | | | * 70284: Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP)
* Merge branch 'PHP-5.5' into PHP-5.6Stanislav Malyshev2015-09-0324-827/+970
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.5: update NEWS add NEWS for fixes Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Fix bug #70219 (Use after free vulnerability in session deserializer) Fix for bug #69782 Add CVE IDs asigned (post release) to PHP 5.4.43 Add CVE IDs asigned to #69085 (PHP 5.4.39) 5.4.45 next Conflicts: ext/pcre/php_pcre.c ext/standard/var_unserializer.c ext/standard/var_unserializer.re ext/zip/php_zip.c
* PHP-5.6.13RC1php-5.6.13RC1Ferenc Kovacs2015-08-203-9/+7
|
* 5.6.14 nextFerenc Kovacs2015-08-203-5/+7
|
* updated NEWSChristoph M. Becker2015-08-191-1/+2
|
* Fix #70303: Incorrect constructor reflection for ArrayObjectChristoph M. Becker2015-08-192-2/+14
| | | | | The first parameter of ArrayObject::__construct() is optional. Reflection should reflect this.
* Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start)Xinchen Hui2015-08-193-1/+14
|
* Fix #67604: The built windows documention refers to nonexistent dllChristoph M. Becker2015-08-181-11/+2
| | | | | Since quite a while the Windows builds ship with php5apache2_4.dll, but not with other server modules. We fix some out-dated info in install.txt.
* Merge branch 'pull-request/1477' into PHP-5.6Côme Bernigaud2015-08-181-16/+36
|\ | | | | | | | | * pull-request/1477: Patch from Rainer Jung to provide Solaris LDAP support
| * Patch from Rainer Jung to provide Solaris LDAP supportCôme Bernigaud2015-08-181-16/+36
|/
* updated NEWSChristoph M. Becker2015-08-171-0/+2
|
* Fix #70277: new DateTimeZone($foo) is ignoring text after null byteChristoph M. Becker2015-08-172-4/+26
| | | | | | The DateTimeZone constructors are not binary safe. They're parsing the timezone as string, but discard the length when calling timezone_initialize(). This patch adds a tz_len parameter and a respective check to timezone_initialize().
* Fixed sorting orderDerick Rethans2015-08-161-1105/+1105
| | | | It needs to match the strcasecmp in parse_tz.c.
* Updated NEWS for #70157Tjerk Meesters2015-08-151-0/+2
|
* Merge branch 'bug70157' into PHP-5.6Tjerk Meesters2015-08-153-7/+52
|\ | | | | | | | | * bug70157: Fixed #70157 parse_ini_string() segmentation fault with INI_SCANNER_TYPED
| * Fixed #70157 parse_ini_string() segmentation fault with INI_SCANNER_TYPEDTjerk Meesters2015-08-153-7/+52
|/
* fixed wrong params in protoChristoph M. Becker2015-08-151-2/+2
|
* updated NEWSChristoph M. Becker2015-08-141-0/+1
|
* Fix #70264: CLI server directory traversalChristoph M. Becker2015-08-142-0/+33
| | | | | | | | On Windows the built-in webserver doesn't prevent directory traversal when backslashes are used as path component separators. Even though that is not a security issue (the CLI webserver is meant for testing only), we fix that by replacing backslashes in the path with slashes on Windows, because backslashes may be valid characters for file names on other systems, but not on Windows.
* updated NEWSChristoph M. Becker2015-08-141-0/+4
|
* Fix #70266 (DateInterval::__construct.interval_spec is not supposed to be ↵Christoph M. Becker2015-08-142-1/+9
| | | | | | optional) The required_num_args argument of ZEND_BEGIN_ARG_INFO_EX() has to be 1.
* updated NEWSChristoph M. Becker2015-08-131-0/+4
|
* Fix #70232: Incorrect bump-along behavior with \K and empty string matchChristoph M. Becker2015-08-132-9/+82
| | | | | | | | To do global matching (/g), for every empty match we have to do a second match with PCRE_NOTEMPTY turned on. That may fail, however, when the \K escape sequence is involved. For this purpose libpcre 8.0 introduced the PCRE_NOTEMPTY_ATSTART flag, which we will use if available, and otherwise fall back to the old (possibly buggy) behavior.
* Of course, we support v2 in PHP 5.6 as well.Derick Rethans2015-08-131-0/+2
|
* Updated to version 2015.6 (2015f)Derick Rethans2015-08-131-585/+585
|
* Updated to version 2015.6 (2015f)Derick Rethans2015-08-121-28014/+29505
|
* update NEWSAnatol Belski2015-08-111-0/+2
|
* Fixed bug #70198 Checking liveness does not work as expectedAnatol Belski2015-08-111-1/+11
|
* fix news entryAnatol Belski2015-08-111-1/+1
|
* updated NEWSAnatol Belski2015-08-111-0/+3
|
* fix bug #69833 mcrypt fd caching not workingAnatol Belski2015-08-111-13/+23
|
* Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on ↵Xinchen Hui2015-08-113-0/+28
| | | | CLI enabled).
* updated NEWS wrt. bug #69487Christoph M. Becker2015-08-111-0/+1
|
* Fix #69487: SAPI may truncate POST dataChristoph M. Becker2015-08-112-1/+26
| | | | | | | If SG(request_info).request_body can't be completely written (e.g. due to a full drive), only parts of the POST data will be available. This patch changes this, so that SG(request_info).request_body will be reset in this case, and a warning will be thrown.
* Add CVE IDs asigned to #69085 (PHP 5.6.7)Lior Kaplan2015-08-101-1/+2
|
* Align NEWS with 5.6.12Lior Kaplan2015-08-101-1/+28
|
* Add entries for phar bug fixes in 5.6.11 (also have CVE assigned)Lior Kaplan2015-08-101-0/+6
|
* updated NEWSChristoph M. Becker2015-08-091-0/+4
|
* Fix #66606: Sets HTTP_CONTENT_TYPE but not CONTENT_TYPEwusuopu2015-08-091-0/+3
| | | | The patch will store Content-Type header value in both HTTP_CONTENT_TYPE field and CONTENT_TYPE field.
* added tests for bug #66606Christoph M. Becker2015-08-092-0/+63
|
* fix NEWSFerenc Kovacs2015-08-071-1/+1
|
* Merge branch 'PHP-5.5' into PHP-5.6Stanislav Malyshev2015-08-050-0/+0
|\ | | | | | | | | | | | | | | | | * PHP-5.5: 5.5.29 next Conflicts: configure.in main/php_version.h
| * 5.5.29 nextStanislav Malyshev2015-08-043-5/+7
| |
* | Merge branch 'PHP-5.5' into PHP-5.6Stanislav Malyshev2015-08-041-2/+2
|\ \ | |/ | | | | | | * PHP-5.5: fix test
| * Merge branch 'PHP-5.4' into PHP-5.5Stanislav Malyshev2015-08-041-2/+2
| |\ | | | | | | | | | | | | * PHP-5.4: fix test
View Lorry Controller Status