| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| |
| |
| |
| |
| | |
* PHP-7.0:
Fix bug #73737 FPE when parsing a tag format
Fix bug #73773 - Seg fault when loading hostile phar
Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data()
Fix bug #73768 - Memory corruption when loading hostile phar
Fix int overflows in phar (bug #73764)
|
| |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-5.6:
Fix bug #73737 FPE when parsing a tag format
Fix bug #73773 - Seg fault when loading hostile phar
Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data()
Fix bug #73768 - Memory corruption when loading hostile phar
Fix int overflows in phar (bug #73764)
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
phar_parse_tarfile)
|
| | |
| | |
| | |
| | | |
phar_parse_zipfile
|
| | |
| | |
| | |
| | | |
(cherry picked from commit 57bbe2c140752f491b1fa24336b817bd48f65a93)
|
| | |
| | |
| | |
| | | |
(cherry picked from commit f1ff23095b1a4fe6d6a65331dda7832ae02eb1a1)
|
| | |
| | |
| | |
| | |
| | | |
Now the conversions are explicit and do checks. Not sure it's
the best way but at least we can see them now in the open.
|
| | | |
|
| | |
| | |
| | |
| | | |
(cherry picked from commit 57bbe2c140752f491b1fa24336b817bd48f65a93)
|
| | |
| | |
| | |
| | | |
(cherry picked from commit f1ff23095b1a4fe6d6a65331dda7832ae02eb1a1)
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
* PHP-7.0:
Fix more size_t/int implicit conversions
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Now the conversions are explicit and do checks. Not sure it's
the best way but at least we can see them now in the open.
|
|\ \ \ \
| |/ / /
| | | |
| | | |
| | | | |
* PHP-7.0:
Fix int/size_t confusion in isValidPharFilename (bug #73580)
|
| |/ / |
|
| | | |
|
| | | |
|
|\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-7.0: (22 commits)
Fix bug #72293 - Heap overflow in mysqlnd related to BIT fields
I don't think 8cceb012a7aabf3c36ab7c2724a436f976cdd165 is needed
Fix test
Add check in fgetcsv in case sizeof(unit) != sizeof(size_t)
Fix bug #73065: Out-Of-Bounds Read in php_wddx_push_element of wddx.c
Fix bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile)
Fix bug #73052 - Memory Corruption in During Deserialized-object Destruction
Fix bug #73029 - Missing type check when unserializing SplArray
Fix bug #72860: wddx_deserialize use-after-free
Fix bug #73007: add locale length check
Fix bug #72928 - Out of bound when verify signature of zip phar in phar_parse_zipfile
sync NEWS
Revert "Merge branch 'PHP-5.6' into PHP-7.0"
Merge branch 'PHP-5.6' into PHP-7.0
Merge branch 'PHP-5.6' into PHP-7.0
Revert "Revert "Merge branch 'PHP-5.6' into PHP-7.0""
fix version
sync NEWS
Fix bug #72957
set versions
...
|
| |\ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* PHP-7.0.11: (22 commits)
Fix bug #72293 - Heap overflow in mysqlnd related to BIT fields
I don't think 8cceb012a7aabf3c36ab7c2724a436f976cdd165 is needed
Fix test
Add check in fgetcsv in case sizeof(unit) != sizeof(size_t)
Fix bug #73065: Out-Of-Bounds Read in php_wddx_push_element of wddx.c
Fix bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile)
Fix bug #73052 - Memory Corruption in During Deserialized-object Destruction
Fix bug #73029 - Missing type check when unserializing SplArray
Fix bug #72860: wddx_deserialize use-after-free
Fix bug #73007: add locale length check
Fix bug #72928 - Out of bound when verify signature of zip phar in phar_parse_zipfile
sync NEWS
Revert "Merge branch 'PHP-5.6' into PHP-7.0"
Merge branch 'PHP-5.6' into PHP-7.0
Merge branch 'PHP-5.6' into PHP-7.0
Revert "Revert "Merge branch 'PHP-5.6' into PHP-7.0""
fix version
sync NEWS
Fix bug #72957
set versions
...
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
phar_parse_tarfile)
(cherry picked from commit 75ebf471ff46ec6e5ee279b3650c11d51ebaf9e3)
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
phar_parse_zipfile
(cherry picked from commit 19484ab77466f99c78fc0e677f7e03da0584d6a2)
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
E_RECOVERABLE errors are reported as "Catchable fatal error". This is
misleading, because they actually can't be caught via try-catch statements.
Therefore we change the wording to "Recoverable fatal error" as suggested by
Nikita.
|
|\ \ \ \
| |/ / /
| | | |
| | | |
| | | | |
* PHP-7.0:
fix double free
|
| |\ \ \
| | |/ /
| |/| /
| | |/
| | | |
* PHP-5.6:
fix double free
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
Change zend_call_function() to not abort the call if a non-reference
is passed to a reference argument. The usual warning will still be
thrown, but the call will proceed as usual.
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-7.0:
fix test
|
| |\ \
| | |/
| | |
| | |
| | | |
* PHP-5.6:
fix test
|
| | |
| | |
| | |
| | |
| | |
| | | |
There is a difference between TS and NTS warning message, since
virtual_mkdir vs glibc directly is used. This has no effect for
the actual fix functionality.
|
| | |
| | |
| | |
| | |
| | | |
"%p" replaced by ZEND_LONG_FMT to avoid compilation warnings.
Fixed most incorrect use cases of format specifiers.
|
|\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-7.0:
iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455: Heap Overflow due to integer overflows
Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275: don't allow smart_str to overflow int
Fix bug #72340: Double Free Courruption in wddx_deserialize
Fix bug #72321 - use efree() for emalloc allocation
5.6.23RC1
fix NEWS
set versions
|
| |\ \
| | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-5.6.23: (24 commits)
iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455: Heap Overflow due to integer overflows
Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275: don't allow smart_str to overflow int
Fix bug #72340: Double Free Courruption in wddx_deserialize
update NEWS
Fix #66387: Stack overflow with imagefilltoborder
Fix bug #72321 - use efree() for emalloc allocation
5.6.23RC1
Fix bug #72140 (segfault after calling ERR_free_strings())
...
Conflicts:
configure.in
ext/mbstring/php_mbregex.c
ext/mcrypt/mcrypt.c
ext/spl/spl_array.c
ext/spl/spl_directory.c
ext/standard/php_smart_str.h
ext/standard/string.c
ext/standard/url.c
ext/wddx/wddx.c
ext/zip/php_zip.c
main/php_version.h
|
| | | |
|
|\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-7.0:
fix dir separator in test
|
| |\ \
| | |/
| | |
| | |
| | | |
* PHP-5.6:
fix dir separator in test
|
| | |\
| | | |
| | | |
| | | |
| | | | |
* PHP-5.5:
fix dir separator in test
|
| | | | |
|
| | |\ \
| | | |/
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* PHP-5.5:
Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
Fix bug #71798 - Integer Overflow in php_raw_url_encode
Fix bug #71860: Require valid paths for phar filenames
Going for 5.5.34
Conflicts:
configure.in
ext/phar/tests/create_path_error.phpt
main/php_version.h
|
|\ \ \ \
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* PHP-7.0:
Fixed bug #71704 php_snmp_error() Format String Vulnerability
Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
Updated to version 2016.3 (2016c)
Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
Fixed bug #71527 Buffer over-write in finfo_open with malformed magic file
Fix bug #71798 - Integer Overflow in php_raw_url_encode
update NEWS
Disable huge pages in the Zend allocator by default As per the discussion on internals, this is an expert feature that needs special system-level configuration and care.
Added ability to disable huge pages in Zend Memeory Manager through the environment variable USE_ZEND_ALLOC_HUGE_PAGES=0.
Fix bug #71860: Require valid paths for phar filenames
Fix bug #71860: Require valid paths for phar filenames
update NEWS
Fixed bug #71704 php_snmp_error() Format String Vulnerability
Merge branch 'PHP-5.6' into PHP-7.0
Updated to version 2016.2 (2016b)
update libs versions
set RC1 versions
Going for 5.5.34
|
| |\ \ \
| | | |/
| | |/|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* PHP-5.5:
Fixed bug #71704 php_snmp_error() Format String Vulnerability
Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
Fix bug #71798 - Integer Overflow in php_raw_url_encode
Fix bug #71860: Require valid paths for phar filenames
Going for 5.5.34
Conflicts:
configure.in
ext/phar/phar_object.c
ext/phar/tests/badparameters.phpt
ext/phar/tests/create_path_error.phpt
ext/phar/tests/pharfileinfo_construct.phpt
ext/snmp/snmp.c
ext/standard/url.c
main/php_version.h
|
| | | | |
|
| | | | |
|