| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| | |
* PHP-5.6:
Fix tests
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
* pull-request/1905:
pack()/unpack() for Big Endian float/double and Little Endian float/double
|
| | |
|
|\ \
| |/ |
|
| |
| |
| |
| | |
This reverts commit a10d03ac166daba646b6023e0f12e9ee8040c909.
|
|\ \
| |/
| |
| |
| |
| |
| | |
* PHP-5.6:
Fixed test
Added validation to parse_url() to prohibit restricted characters inside login/pass components based on RFC3986
Apparently negative wordwrap is a thing and should work as length = 0.
|
| | |
|
| | |
|
| | |
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-7.0.11: (22 commits)
Fix bug #72293 - Heap overflow in mysqlnd related to BIT fields
I don't think 8cceb012a7aabf3c36ab7c2724a436f976cdd165 is needed
Fix test
Add check in fgetcsv in case sizeof(unit) != sizeof(size_t)
Fix bug #73065: Out-Of-Bounds Read in php_wddx_push_element of wddx.c
Fix bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile)
Fix bug #73052 - Memory Corruption in During Deserialized-object Destruction
Fix bug #73029 - Missing type check when unserializing SplArray
Fix bug #72860: wddx_deserialize use-after-free
Fix bug #73007: add locale length check
Fix bug #72928 - Out of bound when verify signature of zip phar in phar_parse_zipfile
sync NEWS
Revert "Merge branch 'PHP-5.6' into PHP-7.0"
Merge branch 'PHP-5.6' into PHP-7.0
Merge branch 'PHP-5.6' into PHP-7.0
Revert "Revert "Merge branch 'PHP-5.6' into PHP-7.0""
fix version
sync NEWS
Fix bug #72957
set versions
...
|
| | |
| | |
| | |
| | |
| | | |
This reverts commit 946335ba706b7dbfe70a5fc9a1e74ee46af19cfe, reversing
changes made to 3437dbfa0097d3c5be69d4efb26a2ecb3edf5168.
|
|\ \ \
| |/ /
|/| /
| |/
| | |
* PHP-5.6:
Bug #73058 crypt broken when salt is 'too' long
|
| | |
|
|\ \
| |/
| |
| |
| | |
* PHP-5.6:
Fixed bug #72703 Out of bounds global memory read in BF_crypt triggered by password_verify
|
| |
| |
| |
| | |
password_verify
|
| |
| |
| |
| | |
The 70436 test is just a bonus for the hardening in 72633.
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* PHP-5.6: (24 commits)
Update NEWS
BLock test with memory leak
fix tests
Fix TSRM build
Fix bug #72850 - integer overflow in uuencode
Fixed bug #72849 - integer overflow in urlencode
Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
Fix for bug #72807 - do not produce strings with negative length
Fix for bug #72790 and bug #72799
Fix bug #72730 - imagegammacorrect allows arbitrary write access
Fix bug#72697 - select_colors write out-of-bounds
Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF
Fix bug #72750: wddx_deserialize null dereference
Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack
Improve fix for #72663
Fix bug #70436: Use After Free Vulnerability in unserialize()
Fix bug #72749: wddx_deserialize allows illegal memory access
...
Conflicts:
Zend/zend_API.h
ext/bz2/bz2.c
ext/curl/interface.c
ext/ereg/ereg.c
ext/exif/exif.c
ext/gd/gd.c
ext/gd/tests/imagetruecolortopalette_error3.phpt
ext/gd/tests/imagetruecolortopalette_error4.phpt
ext/session/session.c
ext/snmp/snmp.c
ext/standard/base64.c
ext/standard/ftp_fopen_wrapper.c
ext/standard/quot_print.c
ext/standard/url.c
ext/standard/uuencode.c
ext/standard/var.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/wddx/tests/bug72790.phpt
ext/wddx/tests/bug72799.phpt
ext/wddx/wddx.c
sapi/cli/generate_mime_type_map.php
|
| | |
|
| | |
|
| | |
|
| | |
|
|\ \
| |/ |
|
| |
| |
| |
| |
| | |
If php_strtr_array_prepare_repls() reports pattern_len == 0, we return
early to avoid OOB accesses, and because there is nothing to replace anyway.
|
| |
| |
| |
| |
| | |
Make substr_compare ignore the length if it's NULL. This allows to
use the last parameter (case_insensitivity) with the default length.
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
This added check is actually for NOT failing in NON-strict mode.
The ch == -2 check later causes the desired failure in strict mode.
|
| | |
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* PHP-5.6.23: (24 commits)
iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455: Heap Overflow due to integer overflows
Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275: don't allow smart_str to overflow int
Fix bug #72340: Double Free Courruption in wddx_deserialize
update NEWS
Fix #66387: Stack overflow with imagefilltoborder
Fix bug #72321 - use efree() for emalloc allocation
5.6.23RC1
Fix bug #72140 (segfault after calling ERR_free_strings())
...
Conflicts:
configure.in
ext/mbstring/php_mbregex.c
ext/mcrypt/mcrypt.c
ext/spl/spl_array.c
ext/spl/spl_directory.c
ext/standard/php_smart_str.h
ext/standard/string.c
ext/standard/url.c
ext/wddx/wddx.c
ext/zip/php_zip.c
main/php_version.h
|
| |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-5.5:
Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455: Heap Overflow due to integer overflows
Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275: don't allow smart_str to overflow int
Fix bug #72340: Double Free Courruption in wddx_deserialize
update NEWS
Fix #66387: Stack overflow with imagefilltoborder
Skip test which is 64bits only
5.5.37 now
Conflicts:
configure.in
ext/mcrypt/mcrypt.c
ext/spl/spl_directory.c
main/php_version.h
|
| | |
| | |
| | |
| | | |
algorithm and unserialize
|
| | |
| | |
| | |
| | | |
unserialize
|
| | |
| | |
| | |
| | | |
very big integer). (Mikhail Galanin)
|
| | |
| | |
| | |
| | | |
foreach by reference)
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-5.6:
Updated NEWS
Fix #70720
Conflicts:
ext/standard/string.c
ext/standard/tests/strings/bug70720.phpt
|
| | | |
|
| | |
| | |
| | |
| | | |
This reverts commit ff7ed9021cd72a7f82dd4301cdc266afdff458ad.
|
|\ \ \
| |/ /
| | |
| | |
| | |
| | | |
* PHP-5.6:
Fix #70720
Align NEWS entry format
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
backported from master
|
| | |
| | |
| | |
| | | |
to strings)
|
| | |
| | |
| | |
| | | |
strings)
|
| | | |
|
| | |
| | |
| | |
| | | |
Switch to * instead of + in zpp.
|