Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | 5.6.13php-5.6.13PHP-5.6.13 | Ferenc Kovacs | 2015-09-03 | 2 | -3/+3 |
| | |||||
* | update NEWS | Ferenc Kovacs | 2015-09-03 | 1 | -1/+29 |
| | |||||
* | Merge branch 'PHP-5.6' | Matteo Beccati | 2015-09-03 | 1 | -0/+2 |
| | | | | | * PHP-5.6: Added missing skipif for phar+zlib test | ||||
* | Merge branch 'PHP-5.5' into PHP-5.6 | Stanislav Malyshev | 2015-09-03 | 3 | -3/+52 |
| | | | | | * PHP-5.5: More fixes for bug #70219 | ||||
* | Merge branch 'PHP-5.5' into PHP-5.6 | Stanislav Malyshev | 2015-09-03 | 3 | -3/+3 |
| | | | | | * PHP-5.5: fix unit tests | ||||
* | Merge branch '70284' into PHP-5.6 | Stanislav Malyshev | 2015-09-03 | 2 | -5/+55 |
| | | | | | * 70284: Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP) | ||||
* | Merge branch 'PHP-5.5' into PHP-5.6 | Stanislav Malyshev | 2015-09-03 | 24 | -827/+970 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.5: update NEWS add NEWS for fixes Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Fix bug #70219 (Use after free vulnerability in session deserializer) Fix for bug #69782 Add CVE IDs asigned (post release) to PHP 5.4.43 Add CVE IDs asigned to #69085 (PHP 5.4.39) 5.4.45 next Conflicts: ext/pcre/php_pcre.c ext/standard/var_unserializer.c ext/standard/var_unserializer.re ext/zip/php_zip.c | ||||
* | PHP-5.6.13RC1php-5.6.13RC1 | Ferenc Kovacs | 2015-08-20 | 3 | -9/+7 |
| | |||||
* | 5.6.14 next | Ferenc Kovacs | 2015-08-20 | 3 | -5/+7 |
| | |||||
* | updated NEWS | Christoph M. Becker | 2015-08-19 | 1 | -1/+2 |
| | |||||
* | Fix #70303: Incorrect constructor reflection for ArrayObject | Christoph M. Becker | 2015-08-19 | 2 | -2/+14 |
| | | | | | The first parameter of ArrayObject::__construct() is optional. Reflection should reflect this. | ||||
* | Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start) | Xinchen Hui | 2015-08-19 | 3 | -1/+14 |
| | |||||
* | Fix #67604: The built windows documention refers to nonexistent dll | Christoph M. Becker | 2015-08-18 | 1 | -11/+2 |
| | | | | | Since quite a while the Windows builds ship with php5apache2_4.dll, but not with other server modules. We fix some out-dated info in install.txt. | ||||
* | Merge branch 'pull-request/1477' into PHP-5.6 | Côme Bernigaud | 2015-08-18 | 1 | -16/+36 |
|\ | | | | | | | | | * pull-request/1477: Patch from Rainer Jung to provide Solaris LDAP support | ||||
| * | Patch from Rainer Jung to provide Solaris LDAP support | Côme Bernigaud | 2015-08-18 | 1 | -16/+36 |
|/ | |||||
* | updated NEWS | Christoph M. Becker | 2015-08-17 | 1 | -0/+2 |
| | |||||
* | Fix #70277: new DateTimeZone($foo) is ignoring text after null byte | Christoph M. Becker | 2015-08-17 | 2 | -4/+26 |
| | | | | | | The DateTimeZone constructors are not binary safe. They're parsing the timezone as string, but discard the length when calling timezone_initialize(). This patch adds a tz_len parameter and a respective check to timezone_initialize(). | ||||
* | Fixed sorting order | Derick Rethans | 2015-08-16 | 1 | -1105/+1105 |
| | | | | It needs to match the strcasecmp in parse_tz.c. | ||||
* | Updated NEWS for #70157 | Tjerk Meesters | 2015-08-15 | 1 | -0/+2 |
| | |||||
* | Merge branch 'bug70157' into PHP-5.6 | Tjerk Meesters | 2015-08-15 | 3 | -7/+52 |
|\ | | | | | | | | | * bug70157: Fixed #70157 parse_ini_string() segmentation fault with INI_SCANNER_TYPED | ||||
| * | Fixed #70157 parse_ini_string() segmentation fault with INI_SCANNER_TYPED | Tjerk Meesters | 2015-08-15 | 3 | -7/+52 |
|/ | |||||
* | fixed wrong params in proto | Christoph M. Becker | 2015-08-15 | 1 | -2/+2 |
| | |||||
* | updated NEWS | Christoph M. Becker | 2015-08-14 | 1 | -0/+1 |
| | |||||
* | Fix #70264: CLI server directory traversal | Christoph M. Becker | 2015-08-14 | 2 | -0/+33 |
| | | | | | | | | On Windows the built-in webserver doesn't prevent directory traversal when backslashes are used as path component separators. Even though that is not a security issue (the CLI webserver is meant for testing only), we fix that by replacing backslashes in the path with slashes on Windows, because backslashes may be valid characters for file names on other systems, but not on Windows. | ||||
* | updated NEWS | Christoph M. Becker | 2015-08-14 | 1 | -0/+4 |
| | |||||
* | Fix #70266 (DateInterval::__construct.interval_spec is not supposed to be ↵ | Christoph M. Becker | 2015-08-14 | 2 | -1/+9 |
| | | | | | | optional) The required_num_args argument of ZEND_BEGIN_ARG_INFO_EX() has to be 1. | ||||
* | updated NEWS | Christoph M. Becker | 2015-08-13 | 1 | -0/+4 |
| | |||||
* | Fix #70232: Incorrect bump-along behavior with \K and empty string match | Christoph M. Becker | 2015-08-13 | 2 | -9/+82 |
| | | | | | | | | To do global matching (/g), for every empty match we have to do a second match with PCRE_NOTEMPTY turned on. That may fail, however, when the \K escape sequence is involved. For this purpose libpcre 8.0 introduced the PCRE_NOTEMPTY_ATSTART flag, which we will use if available, and otherwise fall back to the old (possibly buggy) behavior. | ||||
* | Of course, we support v2 in PHP 5.6 as well. | Derick Rethans | 2015-08-13 | 1 | -0/+2 |
| | |||||
* | Updated to version 2015.6 (2015f) | Derick Rethans | 2015-08-13 | 1 | -585/+585 |
| | |||||
* | Updated to version 2015.6 (2015f) | Derick Rethans | 2015-08-12 | 1 | -28014/+29505 |
| | |||||
* | update NEWS | Anatol Belski | 2015-08-11 | 1 | -0/+2 |
| | |||||
* | Fixed bug #70198 Checking liveness does not work as expected | Anatol Belski | 2015-08-11 | 1 | -1/+11 |
| | |||||
* | fix news entry | Anatol Belski | 2015-08-11 | 1 | -1/+1 |
| | |||||
* | updated NEWS | Anatol Belski | 2015-08-11 | 1 | -0/+3 |
| | |||||
* | fix bug #69833 mcrypt fd caching not working | Anatol Belski | 2015-08-11 | 1 | -13/+23 |
| | |||||
* | Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on ↵ | Xinchen Hui | 2015-08-11 | 3 | -0/+28 |
| | | | | CLI enabled). | ||||
* | updated NEWS wrt. bug #69487 | Christoph M. Becker | 2015-08-11 | 1 | -0/+1 |
| | |||||
* | Fix #69487: SAPI may truncate POST data | Christoph M. Becker | 2015-08-11 | 2 | -1/+26 |
| | | | | | | | If SG(request_info).request_body can't be completely written (e.g. due to a full drive), only parts of the POST data will be available. This patch changes this, so that SG(request_info).request_body will be reset in this case, and a warning will be thrown. | ||||
* | Add CVE IDs asigned to #69085 (PHP 5.6.7) | Lior Kaplan | 2015-08-10 | 1 | -1/+2 |
| | |||||
* | Align NEWS with 5.6.12 | Lior Kaplan | 2015-08-10 | 1 | -1/+28 |
| | |||||
* | Add entries for phar bug fixes in 5.6.11 (also have CVE assigned) | Lior Kaplan | 2015-08-10 | 1 | -0/+6 |
| | |||||
* | updated NEWS | Christoph M. Becker | 2015-08-09 | 1 | -0/+4 |
| | |||||
* | Fix #66606: Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE | wusuopu | 2015-08-09 | 1 | -0/+3 |
| | | | | The patch will store Content-Type header value in both HTTP_CONTENT_TYPE field and CONTENT_TYPE field. | ||||
* | added tests for bug #66606 | Christoph M. Becker | 2015-08-09 | 2 | -0/+63 |
| | |||||
* | fix NEWS | Ferenc Kovacs | 2015-08-07 | 1 | -1/+1 |
| | |||||
* | Merge branch 'PHP-5.5' into PHP-5.6 | Stanislav Malyshev | 2015-08-05 | 0 | -0/+0 |
|\ | | | | | | | | | | | | | | | | | * PHP-5.5: 5.5.29 next Conflicts: configure.in main/php_version.h | ||||
| * | 5.5.29 next | Stanislav Malyshev | 2015-08-04 | 3 | -5/+7 |
| | | |||||
* | | Merge branch 'PHP-5.5' into PHP-5.6 | Stanislav Malyshev | 2015-08-04 | 1 | -2/+2 |
|\ \ | |/ | | | | | | | * PHP-5.5: fix test | ||||
| * | Merge branch 'PHP-5.4' into PHP-5.5 | Stanislav Malyshev | 2015-08-04 | 1 | -2/+2 |
| |\ | | | | | | | | | | | | | * PHP-5.4: fix test |