Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | 5.6.40php-5.6.40PHP-5.6.40 | Ferenc Kovacs | 2019-01-09 | 3 | -8/+6 |
| | |||||
* | 5.6.41 will be next. not reallyPHP-5.6 | Ferenc Kovacs | 2019-01-09 | 3 | -5/+7 |
| | |||||
* | Fix bug #77418 - Heap overflow in utf32be_mbc_to_code | Stanislav Malyshev | 2019-01-06 | 6 | -5/+25 |
| | |||||
* | [ci skip] Add NEWS | Stanislav Malyshev | 2019-01-06 | 1 | -0/+22 |
| | |||||
* | Fix more issues with encodilng length | Stanislav Malyshev | 2019-01-06 | 6 | -14/+38 |
| | | | | Should fix bug #77381, bug #77382, bug #77385, bug #77394. | ||||
* | Fix #77270: imagecolormatch Out Of Bounds Write on Heap | Christoph M. Becker | 2019-01-06 | 2 | -2/+20 |
| | | | | | | | At least some of the image reading functions may return images which use color indexes greater than or equal to im->colorsTotal. We cater to this by always using a buffer size which is sufficient for `gdMaxColors` in `gdImageColorMatch()`. | ||||
* | Fix bug #77380 (Global out of bounds read in xmlrpc base64 code) | Stanislav Malyshev | 2019-01-06 | 2 | -2/+19 |
| | |||||
* | Fix bug #77371 (heap buffer overflow in mb regex functions - ↵ | Stanislav Malyshev | 2019-01-06 | 2 | -0/+11 |
| | | | | compile_string_node) | ||||
* | Fix bug #77370 - check that we do not read past buffer end when parsing ↵ | Stanislav Malyshev | 2019-01-06 | 2 | -0/+22 |
| | | | | multibytes | ||||
* | Fix #77269: Potential unsigned underflow in gdImageScale | Christoph M. Becker | 2019-01-06 | 2 | -9/+30 |
| | | | | | | Belatedly, we're porting the respective upstream patch[1]. [1] <https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35> | ||||
* | Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext) | Stanislav Malyshev | 2019-01-06 | 2 | -1/+15 |
| | |||||
* | Fix bug #77242 (heap out of bounds read in xmlrpc_decode()) | Stanislav Malyshev | 2019-01-06 | 2 | -0/+13 |
| | |||||
* | Regenerate certs for openssl tests | Alexander Kurilo | 2019-01-02 | 5 | -44/+91 |
| | |||||
* | 5.6.40 will be next. probably not | Ferenc Kovacs | 2018-12-05 | 3 | -5/+7 |
| | |||||
* | Fix null pointer deref in qprint-encode filter (bug #77231) | Stanislav Malyshev | 2018-12-03 | 3 | -1/+16 |
| | |||||
* | Fix bug #77143 - add more checks to buffer reads | Stanislav Malyshev | 2018-12-03 | 5 | -11/+42 |
| | |||||
* | Fix #77020: null pointer dereference in imap_mail | Stanislav Malyshev | 2018-12-03 | 3 | -1/+16 |
| | | | | | | If an empty $message is passed to imap_mail(), we must not set message to NULL, since _php_imap_mail() is not supposed to handle NULL pointers (opposed to pointers to NUL). | ||||
* | Fix TSRM signature - php_stream_stat macro has it's own TSRM | Stanislav Malyshev | 2018-12-02 | 1 | -1/+1 |
| | |||||
* | Regenerate certificates for openssl tests | Alexander Kurilo | 2018-12-02 | 4 | -73/+58 |
| | |||||
* | Improve test for bug77022 | Stanislav Malyshev | 2018-12-02 | 1 | -1/+5 |
| | |||||
* | Fix bug #77022 - use file mode or umask for new files | Stanislav Malyshev | 2018-12-01 | 4 | -2/+50 |
| | |||||
* | Add DISPLAY_INI_ENTRIES for imap | Stanislav Malyshev | 2018-11-28 | 1 | -0/+2 |
| | |||||
* | Disable rsh/ssh functionality in imap by default (bug #77153) | Stanislav Malyshev | 2018-11-20 | 5 | -0/+53 |
| | |||||
* | 5.6.39 will be the next | Ferenc Kovacs | 2018-09-11 | 3 | -5/+7 |
| | |||||
* | Update NEWS | Stanislav Malyshev | 2018-09-09 | 1 | -0/+3 |
| | |||||
* | Fix for bug #76582 | Stanislav Malyshev | 2018-09-09 | 1 | -0/+1 |
| | | | | | The brigade seems to end up in a messed up state if something fails in shutdown, so we clean it up. | ||||
* | 5.6.38 will be next | Ferenc Kovacs | 2018-07-19 | 3 | -5/+7 |
| | |||||
* | Add NEWS | Stanislav Malyshev | 2018-07-16 | 1 | -0/+9 |
| | |||||
* | Fixed bug #76459 windows linkinfo lacks openbasedir check | Anatol Belski | 2018-07-16 | 1 | -1/+12 |
| | |||||
* | Fix bug #76557: heap-buffer-overflow (READ of size 48) while reading exif data | Stanislav Malyshev | 2018-07-16 | 3 | -1/+83 |
| | | | | Use MAKERNOTE length as data size. | ||||
* | Fix bug #76423 - Int Overflow lead to Heap OverFlow in ↵ | Stanislav Malyshev | 2018-07-16 | 3 | -1/+23 |
| | | | | exif_thumbnail_extract of exif.c | ||||
* | 5.6.37 will be next | Ferenc Kovacs | 2018-04-24 | 3 | -5/+21 |
| | |||||
* | Fix test portability | Anatol Belski | 2018-04-24 | 1 | -2/+4 |
| | |||||
* | Fix tsrm_ls | Stanislav Malyshev | 2018-04-23 | 1 | -1/+1 |
| | |||||
* | Merge remote-tracking branch 'security/bug76249' into PHP-5.6 | Stanislav Malyshev | 2018-04-23 | 2 | -0/+21 |
|\ | | | | | | | | | | | * security/bug76249: Fix test Fix bug #76249 - fail on invalid sequences | ||||
| * | Fix test | Stanislav Malyshev | 2018-04-22 | 1 | -2/+4 |
| | | |||||
| * | Fix bug #76249 - fail on invalid sequences | Stanislav Malyshev | 2018-04-22 | 2 | -0/+19 |
| | | |||||
* | | Merge remote-tracking branch 'security/bug76248' into PHP-5.6 | Stanislav Malyshev | 2018-04-23 | 2 | -1/+45 |
|\ \ | | | | | | | | | | | | | * security/bug76248: Fix bug #76248 - Malicious LDAP-Server Response causes Crash | ||||
| * | | Fix bug #76248 - Malicious LDAP-Server Response causes Crash | Stanislav Malyshev | 2018-04-22 | 2 | -1/+45 |
| |/ | |||||
* | | Fix #76129 - remove more potential unfiltered outputs for phar | Stanislav Malyshev | 2018-04-23 | 13 | -16/+14 |
| | | |||||
* | | Merge remote-tracking branch 'security/PHP-5.6' into PHP-5.6 | Stanislav Malyshev | 2018-04-23 | 4 | -1/+21 |
|\ \ | |/ |/| | | | | | | | * security/PHP-5.6: Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value Fix bug #75981: prevent reading beyond buffer start | ||||
| * | Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value | Christoph M. Becker | 2018-04-22 | 4 | -1/+21 |
| | | | | | | | | | | | | The MakerNote is not necessarily null-terminated, so we must not use `strlen()` to avoid OOB reads. Instead `php_strnlen()` is the proper way to handle this. | ||||
| * | Fix bug #75981: prevent reading beyond buffer start | Stanislav Malyshev | 2018-02-20 | 2 | -2/+34 |
| | | |||||
* | | [ci skip] 5.6.36 will be next | Ferenc Kovacs | 2018-03-28 | 3 | -5/+7 |
| | | |||||
* | | [ci skip] Update NEWS | Anatol Belski | 2018-03-27 | 1 | -0/+4 |
| | | |||||
* | | Do not set PR_SET_DUMPABLE by default | Jakub Zelenka | 2018-03-27 | 4 | -1/+11 |
| | | |||||
* | | 5.6.35 is next | Ferenc Kovacs | 2018-02-27 | 3 | -5/+7 |
| | | |||||
* | | [ci skip] Update NEWS | Anatol Belski | 2018-02-27 | 1 | -0/+3 |
| | | |||||
* | | Fix bug #75981: prevent reading beyond buffer start | Stanislav Malyshev | 2018-02-26 | 2 | -2/+34 |
| | | |||||
* | | [ci skip] Set FPM maintainership | Stanislav Malyshev | 2018-02-23 | 1 | -1/+1 |
|/ | | | | | As per http://news.php.net/php.internals/101897, Jakub is officially annointed as new FPM maintainer. |