summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'PHP-5.4' into PHP-5.5php-5.5.29PHP-5.5.29Julien Pauli2015-09-021-0/+2
| | | | | | | | | | * PHP-5.4: Merge branch 'PHP-5.6' bump version Conflicts: configure.in main/php_version.h
* prepare for 5.5.29Julien Pauli2015-09-023-7/+3
|
* Merge branch 'PHP-5.5' into PHP-5.5.29Stanislav Malyshev2015-09-013-3/+3
|\ | | | | | | | | * PHP-5.5: fix unit tests
| * Merge branch 'PHP-5.4' into PHP-5.5Stanislav Malyshev2015-09-013-3/+3
| |\ | | | | | | | | | | | | * PHP-5.4: fix unit tests
| | * fix unit testsStanislav Malyshev2015-09-013-3/+3
| | |
* | | Merge branch 'PHP-5.5' into PHP-5.5.29Stanislav Malyshev2015-09-011-4/+42
|\ \ \ | |/ / | | | | | | | | | | | | * PHP-5.5: update NEWS add NEWS for fixes
| * | update NEWSStanislav Malyshev2015-09-011-4/+42
| | |
| * | Merge branch 'PHP-5.4' into PHP-5.5Stanislav Malyshev2015-09-010-0/+0
| |\ \ | | |/ | | | | | | | | | * PHP-5.4: add NEWS for fixes
| | * add NEWS for fixesStanislav Malyshev2015-09-011-1/+35
| | |
* | | Merge branch 'PHP-5.5' into PHP-5.5.29Stanislav Malyshev2015-09-013-1/+72
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.5: Improve fix for #70172 Add CVE IDs asigned (post release) to PHP 5.4.43 Add CVE IDs asigned to #69085 (PHP 5.4.39) Conflicts: ext/pcre/php_pcre.c
| * | Merge branch 'PHP-5.4' into PHP-5.5Stanislav Malyshev2015-09-0124-834/+977
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.4: Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Fix bug #70219 (Use after free vulnerability in session deserializer) Fix for bug #69782 Add CVE IDs asigned (post release) to PHP 5.4.43 Add CVE IDs asigned to #69085 (PHP 5.4.39) 5.4.45 next Conflicts: configure.in ext/pcre/php_pcre.c ext/standard/var_unserializer.c ext/standard/var_unserializer.re main/php_version.h
| | * Merge branch 'PHP-5.4.45' into PHP-5.4Stanislav Malyshev2015-09-0124-877/+1018
| | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.4.45: Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Fix bug #70219 (Use after free vulnerability in session deserializer) Fix for bug #69782
| | | * Improve fix for #70172Stanislav Malyshev2015-09-013-1/+72
| | | |
| | * | Add CVE IDs asigned (post release) to PHP 5.4.43Lior Kaplan2015-08-101-3/+4
| | | |
| | * | Add CVE IDs asigned to #69085 (PHP 5.4.39)Lior Kaplan2015-08-101-1/+1
| | | |
* | | | Merge branch 'PHP-5.4.45' into PHP-5.5.29Stanislav Malyshev2015-09-012-5/+23
|\ \ \ \ | | |_|/ | |/| | | | | | | | | | * PHP-5.4.45: Fix bug #70312 - HAVAL gives wrong hashes in specific cases
| * | | Fix bug #70312 - HAVAL gives wrong hashes in specific casesStanislav Malyshev2015-09-012-5/+23
| | | |
* | | | Merge branch 'PHP-5.4.45' into PHP-5.5.29Stanislav Malyshev2015-09-011-1/+1
|\ \ \ \ | |/ / / | | | | | | | | | | | | * PHP-5.4.45: fix test
| * | | fix testStanislav Malyshev2015-09-011-1/+1
| | | |
* | | | Merge branch 'PHP-5.4.45' into PHP-5.5.29Stanislav Malyshev2015-09-0116-267/+587
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.4.45: add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Conflicts: ext/pcre/php_pcre.c ext/standard/var_unserializer.c
| * | | add testStanislav Malyshev2015-09-011-0/+50
| | | |
| * | | Fix bug #70366 - use-after-free vulnerability in unserialize() with ↵Stanislav Malyshev2015-09-013-1/+56
| | | | | | | | | | | | | | | | SplDoublyLinkedList
| * | | Fix bug #70365 - use-after-free vulnerability in unserialize() with ↵Stanislav Malyshev2015-09-012-0/+52
| | | | | | | | | | | | | | | | SplObjectStorage
| * | | Fix bug #70172 - Use After Free Vulnerability in unserialize()Stanislav Malyshev2015-08-314-42/+121
| | | |
| * | | Fix bug #70388 - SOAP serialize_function_call() type confusionStanislav Malyshev2015-08-312-44/+69
| | | |
| * | | Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when ↵Stanislav Malyshev2015-08-302-39/+72
| | | | | | | | | | | | | | | | creating directories
| * | | Improve fix for #70385Stanislav Malyshev2015-08-291-2/+2
| | | |
| * | | Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)Stanislav Malyshev2015-08-282-76/+100
| | | |
| * | | Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte ↵Stanislav Malyshev2015-08-281-104/+104
| | | | | | | | | | | | | | | | value of 32 bytes)
* | | | More fixes for bug #70219Stanislav Malyshev2015-08-282-2/+51
| | | |
* | | | Merge branch 'PHP-5.4.45' into PHP-5.5.29Stanislav Malyshev2015-08-257-564/+298
|\ \ \ \ | |/ / / | | / / | |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.4.45: Fix bug #70219 (Use after free vulnerability in session deserializer) Fix for bug #69782 5.4.45 next Conflicts: configure.in ext/standard/var_unserializer.c ext/standard/var_unserializer.re main/php_version.h
| * | Fix bug #70219 (Use after free vulnerability in session deserializer)Stanislav Malyshev2015-08-236-498/+228
| | |
| * | Fix for bug #69782Stanislav Malyshev2015-08-161-69/+73
| |/
| * 5.4.45 nextStanislav Malyshev2015-08-043-5/+7
| |
* | 5.5.29 nextStanislav Malyshev2015-08-043-5/+7
| |
* | Merge branch 'PHP-5.4' into PHP-5.5Stanislav Malyshev2015-08-041-2/+2
|\ \ | |/ | | | | | | * PHP-5.4: fix test
| * fix testStanislav Malyshev2015-08-041-2/+2
| |
* | Merge branch 'PHP-5.4' into PHP-5.5Stanislav Malyshev2015-08-041-1/+1
|\ \ | |/ | | | | | | * PHP-5.4: __wakeup doesn't have to be final
| * __wakeup doesn't have to be finalStanislav Malyshev2015-08-041-1/+1
| |
* | update NEWSStanislav Malyshev2015-08-041-0/+29
| |
* | Merge branch 'PHP-5.4' into PHP-5.5Stanislav Malyshev2015-08-041-4/+7
|\ \ | |/ | | | | | | | | * PHP-5.4: fix test update NEWS
| * fix testStanislav Malyshev2015-08-041-4/+7
| |
| * update NEWSStanislav Malyshev2015-08-041-2/+30
| |
* | Merge branch 'PHP-5.4' into PHP-5.5Stanislav Malyshev2015-08-0421-151/+398
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.4: Fix bug #70019 - limit extracted files to given directory Do not do convert_to_* on unserialize, it messes up references Fix #69793 - limit what we accept when unserializing exception Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList) Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject ignore signatures for packages too Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage Fixed bug #69892 Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes Improved fix for Bug #69441 Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items) Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref) Fix bug #70081: check types for SOAP variables Conflicts: .gitignore ext/date/php_date.c ext/spl/spl_array.c ext/spl/spl_observer.c
| * Merge branch 'PHP-5.4' into PHP-5.4.44Stanislav Malyshev2015-08-044-9/+21
| |\ | | | | | | | | | | | | | | | * PHP-5.4: Fixed bug #69892 Adjust Git-Rules
| | * Fixed bug #69892Nikita Popov2015-08-013-3/+15
| | |
| * | Fix bug #70019 - limit extracted files to given directoryStanislav Malyshev2015-08-043-4/+68
| | |
| * | Do not do convert_to_* on unserialize, it messes up referencesStanislav Malyshev2015-08-043-79/+85
| | |
| * | Fix #69793 - limit what we accept when unserializing exceptionStanislav Malyshev2015-08-013-0/+46
| | |
| * | Fixed bug #70169 (Use After Free Vulnerability in unserialize() with ↵Stanislav Malyshev2015-08-012-12/+43
| | | | | | | | | | | | SplDoublyLinkedList)
View Lorry Controller Status