summaryrefslogtreecommitdiff
path: root/ext
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'PHP-5.4' into PHP-5.5php-5.5.29PHP-5.5.29Julien Pauli2015-09-021-0/+2
| | | | | | | | | | * PHP-5.4: Merge branch 'PHP-5.6' bump version Conflicts: configure.in main/php_version.h
* Merge branch 'PHP-5.5' into PHP-5.5.29Stanislav Malyshev2015-09-013-3/+3
|\ | | | | | | | | * PHP-5.5: fix unit tests
| * Merge branch 'PHP-5.4' into PHP-5.5Stanislav Malyshev2015-09-013-3/+3
| |\ | | | | | | | | | | | | * PHP-5.4: fix unit tests
| | * fix unit testsStanislav Malyshev2015-09-013-3/+3
| | |
* | | Merge branch 'PHP-5.5' into PHP-5.5.29Stanislav Malyshev2015-09-013-1/+72
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.5: Improve fix for #70172 Add CVE IDs asigned (post release) to PHP 5.4.43 Add CVE IDs asigned to #69085 (PHP 5.4.39) Conflicts: ext/pcre/php_pcre.c
| * | Merge branch 'PHP-5.4' into PHP-5.5Stanislav Malyshev2015-09-0124-834/+977
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.4: Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Fix bug #70219 (Use after free vulnerability in session deserializer) Fix for bug #69782 Add CVE IDs asigned (post release) to PHP 5.4.43 Add CVE IDs asigned to #69085 (PHP 5.4.39) 5.4.45 next Conflicts: configure.in ext/pcre/php_pcre.c ext/standard/var_unserializer.c ext/standard/var_unserializer.re main/php_version.h
| | * Improve fix for #70172Stanislav Malyshev2015-09-013-1/+72
| | |
* | | Merge branch 'PHP-5.4.45' into PHP-5.5.29Stanislav Malyshev2015-09-012-5/+23
|\ \ \ | | |/ | |/| | | | | | | * PHP-5.4.45: Fix bug #70312 - HAVAL gives wrong hashes in specific cases
| * | Fix bug #70312 - HAVAL gives wrong hashes in specific casesStanislav Malyshev2015-09-012-5/+23
| | |
* | | Merge branch 'PHP-5.4.45' into PHP-5.5.29Stanislav Malyshev2015-09-011-1/+1
|\ \ \ | |/ / | | | | | | | | | * PHP-5.4.45: fix test
| * | fix testStanislav Malyshev2015-09-011-1/+1
| | |
* | | Merge branch 'PHP-5.4.45' into PHP-5.5.29Stanislav Malyshev2015-09-0116-267/+587
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.4.45: add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Conflicts: ext/pcre/php_pcre.c ext/standard/var_unserializer.c
| * | add testStanislav Malyshev2015-09-011-0/+50
| | |
| * | Fix bug #70366 - use-after-free vulnerability in unserialize() with ↵Stanislav Malyshev2015-09-013-1/+56
| | | | | | | | | | | | SplDoublyLinkedList
| * | Fix bug #70365 - use-after-free vulnerability in unserialize() with ↵Stanislav Malyshev2015-09-012-0/+52
| | | | | | | | | | | | SplObjectStorage
| * | Fix bug #70172 - Use After Free Vulnerability in unserialize()Stanislav Malyshev2015-08-314-42/+121
| | |
| * | Fix bug #70388 - SOAP serialize_function_call() type confusionStanislav Malyshev2015-08-312-44/+69
| | |
| * | Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when ↵Stanislav Malyshev2015-08-302-39/+72
| | | | | | | | | | | | creating directories
| * | Improve fix for #70385Stanislav Malyshev2015-08-291-2/+2
| | |
| * | Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)Stanislav Malyshev2015-08-282-76/+100
| | |
| * | Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte ↵Stanislav Malyshev2015-08-281-104/+104
| | | | | | | | | | | | value of 32 bytes)
* | | More fixes for bug #70219Stanislav Malyshev2015-08-282-2/+51
| | |
* | | Merge branch 'PHP-5.4.45' into PHP-5.5.29Stanislav Malyshev2015-08-257-564/+298
|\ \ \ | |/ / | | / | |/ |/| | | | | | | | | | | | | | | | | * PHP-5.4.45: Fix bug #70219 (Use after free vulnerability in session deserializer) Fix for bug #69782 5.4.45 next Conflicts: configure.in ext/standard/var_unserializer.c ext/standard/var_unserializer.re main/php_version.h
| * Fix bug #70219 (Use after free vulnerability in session deserializer)Stanislav Malyshev2015-08-236-498/+228
| |
| * Fix for bug #69782Stanislav Malyshev2015-08-161-69/+73
| |
* | Merge branch 'PHP-5.4' into PHP-5.5Stanislav Malyshev2015-08-0418-143/+349
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.4: Fix bug #70019 - limit extracted files to given directory Do not do convert_to_* on unserialize, it messes up references Fix #69793 - limit what we accept when unserializing exception Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList) Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject ignore signatures for packages too Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage Fixed bug #69892 Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes Improved fix for Bug #69441 Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items) Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref) Fix bug #70081: check types for SOAP variables Conflicts: .gitignore ext/date/php_date.c ext/spl/spl_array.c ext/spl/spl_observer.c
| * Fix bug #70019 - limit extracted files to given directoryStanislav Malyshev2015-08-043-4/+68
| |
| * Do not do convert_to_* on unserialize, it messes up referencesStanislav Malyshev2015-08-043-79/+85
| |
| * Fix #69793 - limit what we accept when unserializing exceptionStanislav Malyshev2015-08-012-0/+18
| |
| * Fixed bug #70169 (Use After Free Vulnerability in unserialize() with ↵Stanislav Malyshev2015-08-012-12/+43
| | | | | | | | SplDoublyLinkedList)
| * Fixed bug #70166 - Use After Free Vulnerability in unserialize() with ↵Stanislav Malyshev2015-08-012-0/+32
| | | | | | | | SPLArrayObject
| * ignore signatures for packages tooStanislav Malyshev2015-08-011-3/+20
| |
| * Fix bug #70168 - Use After Free Vulnerability in unserialize() with ↵Stanislav Malyshev2015-08-012-33/+54
| | | | | | | | SplObjectStorage
| * Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytesStanislav Malyshev2015-07-261-4/+2
| |
| * Improved fix for Bug #69441Stanislav Malyshev2015-07-261-5/+8
| |
| * Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)Stanislav Malyshev2015-07-262-43/+56
| |
| * Fix bug #70081: check types for SOAP variablesStanislav Malyshev2015-07-261-10/+13
| |
* | Merge branch 'PHP-5.4' into PHP-5.5Stanislav Malyshev2015-07-071-1/+1
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | * PHP-5.4: Better fix for bug #69958 update news Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM) Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepath Fix bug #69958 - Segfault in Phar::convertToData on invalid file Conflicts: ext/mysqlnd/mysqlnd.c
| * Better fix for bug #69958Stanislav Malyshev2015-07-072-9/+15
| |
| * Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)Stanislav Malyshev2015-07-071-25/+40
| |
| * Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepathStanislav Malyshev2015-07-071-2/+8
| |
| * Fix bug #69958 - Segfault in Phar::convertToData on invalid fileStanislav Malyshev2015-07-073-34/+50
| |
* | Merge branch 'PHP-5.5' of git.php.net:php-src into PHP-5.5Stanislav Malyshev2015-07-071-1/+1
|\ \ | | | | | | | | | | | | * 'PHP-5.5' of git.php.net:php-src: add missing second argument for ucfirst to the proto
| * \ Merge branch 'PHP-5.4' into PHP-5.5Ferenc Kovacs2015-07-071-1/+1
| |\ \ | | |/ | | | | | | | | | * PHP-5.4: add missing second argument for ucfirst to the proto
| | * add missing second argument for ucfirst to the protoFerenc Kovacs2015-07-071-1/+1
| | |
* | | Merge branch 'PHP-5.4' into PHP-5.5Stanislav Malyshev2015-07-072-0/+3
|\ \ \ | | | | | | | | | | | | | | | | * PHP-5.4: Better fix for bug #69958
| * | | Better fix for bug #69958Stanislav Malyshev2015-07-072-9/+15
| | | |
* | | | Merge branch 'PHP-5.4' into PHP-5.5Stanislav Malyshev2015-07-061-9/+13
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | * PHP-5.4: Better fix for bug #69958
| * | | | Better fix for bug #69958Stanislav Malyshev2015-07-061-9/+13
| |/ / /
* | | | Merge branch 'PHP-5.4' into PHP-5.5Stanislav Malyshev2015-07-065-58/+94
|\ \ \ \ | |/ / / | | / / | |/ / |/| | | | | | | | | | | | | | | | | * PHP-5.4: Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM) Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepath Fix bug #69958 - Segfault in Phar::convertToData on invalid file Conflicts: ext/mysqlnd/mysqlnd.c
View Lorry Controller Status