| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
* PHP-5.4:
Merge branch 'PHP-5.6'
bump version
Conflicts:
configure.in
main/php_version.h
|
| |
|
|\
| |
| |
| |
| | |
* PHP-5.5:
fix unit tests
|
| |\
| | |
| | |
| | |
| | | |
* PHP-5.4:
fix unit tests
|
| | | |
|
|\ \ \
| |/ /
| | |
| | |
| | |
| | | |
* PHP-5.5:
update NEWS
add NEWS for fixes
|
| | | |
|
| |\ \
| | |/
| | |
| | |
| | | |
* PHP-5.4:
add NEWS for fixes
|
| | | |
|
|\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-5.5:
Improve fix for #70172
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
Conflicts:
ext/pcre/php_pcre.c
|
| |\ \
| | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-5.4:
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
5.4.45 next
Conflicts:
configure.in
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
main/php_version.h
|
| | |\
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* PHP-5.4.45:
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix for bug #69782
|
| | | | |
|
| | | | |
|
| | | | |
|
|\ \ \ \
| | |_|/
| |/| |
| | | |
| | | | |
* PHP-5.4.45:
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
|
| | | | |
|
|\ \ \ \
| |/ / /
| | | |
| | | |
| | | | |
* PHP-5.4.45:
fix test
|
| | | | |
|
|\ \ \ \
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* PHP-5.4.45:
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Conflicts:
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
SplDoublyLinkedList
|
| | | |
| | | |
| | | |
| | | | |
SplObjectStorage
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
creating directories
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
value of 32 bytes)
|
| | | | |
|
|\ \ \ \
| |/ / /
| | / /
| |/ /
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-5.4.45:
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix for bug #69782
5.4.45 next
Conflicts:
configure.in
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
main/php_version.h
|
| | | |
|
| |/ |
|
| | |
|
| | |
|
|\ \
| |/
| |
| |
| | |
* PHP-5.4:
fix test
|
| | |
|
|\ \
| |/
| |
| |
| | |
* PHP-5.4:
__wakeup doesn't have to be final
|
| | |
|
| | |
|
|\ \
| |/
| |
| |
| |
| | |
* PHP-5.4:
fix test
update NEWS
|
| | |
|
| | |
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* PHP-5.4:
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_* on unserialize, it messes up references
Fix #69793 - limit what we accept when unserializing exception
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
ignore signatures for packages too
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
Fixed bug #69892
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
Improved fix for Bug #69441
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
Fix bug #70081: check types for SOAP variables
Conflicts:
.gitignore
ext/date/php_date.c
ext/spl/spl_array.c
ext/spl/spl_observer.c
|
| |\
| | |
| | |
| | |
| | |
| | | |
* PHP-5.4:
Fixed bug #69892
Adjust Git-Rules
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
SplDoublyLinkedList)
|