Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | fix tests | Stanislav Malyshev | 2016-02-01 | 4 | -52/+52 | |
| | ||||||
* | Merge branch 'PHP-5.5' into PHP-5.5.32 | Stanislav Malyshev | 2016-02-01 | 50 | -1511/+3141 | |
|\ | | | | | | | | | | | * PHP-5.5: Upgrade bundled PCRE to 8.38 Fixed NEWS file entry | |||||
| * | Upgrade bundled PCRE to 8.38 | Stanislav Malyshev | 2016-01-31 | 50 | -1511/+3141 | |
| | | ||||||
* | | Fixed bug #71488: Stack overflow when decompressing tar archives | Stanislav Malyshev | 2016-01-31 | 3 | -6/+32 | |
| | | ||||||
* | | add missing headers for SIZE_MAX | Anatol Belski | 2016-01-28 | 1 | -0/+9 | |
| | | ||||||
* | | backport the escapeshell* functions hardening branch | Anatol Belski | 2016-01-28 | 3 | -5/+73 | |
| | | ||||||
* | | add tests | Anatol Belski | 2016-01-28 | 4 | -0/+44 | |
| | | ||||||
* | | Fix bug #71459 - Integer overflow in iptcembed() | Stanislav Malyshev | 2016-01-26 | 1 | -1/+6 | |
| | | ||||||
* | | Fixed bug #71323 - Output of stream_get_meta_data can be falsified by its input | Stanislav Malyshev | 2016-01-16 | 14 | -213/+244 | |
| | | ||||||
* | | Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata() | Stanislav Malyshev | 2016-01-16 | 3 | -0/+21 | |
| | | ||||||
* | | Fix bug #71335: Type Confusion in WDDX Packet Deserialization | Stanislav Malyshev | 2016-01-13 | 2 | -1/+35 | |
| | | ||||||
* | | Merge branch 'bug71354' into PHP-5.5.32 | Stanislav Malyshev | 2016-01-13 | 3 | -0/+14 | |
|\ \ | |/ |/| | | | | | * bug71354: Fix bug #71354 - remove UMR when size is 0 | |||||
| * | Fix bug #71354 - remove UMR when size is 0 | Stanislav Malyshev | 2016-01-13 | 3 | -0/+14 | |
| | | ||||||
* | | fix the fix for bug #70976 (imagerotate) | Remi Collet | 2016-01-12 | 2 | -4/+4 | |
|/ | ||||||
* | Improve fix for bug #70976 | Stanislav Malyshev | 2015-12-28 | 1 | -1/+1 | |
| | ||||||
* | Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization) | Stanislav Malyshev | 2015-12-28 | 2 | -1/+70 | |
| | ||||||
* | Fixed bug #70741: Session WDDX Packet Deserialization Type Confusion ↵ | Stanislav Malyshev | 2015-12-28 | 2 | -68/+97 | |
| | | | | Vulnerability | |||||
* | Fixed #70728 | Julien Pauli | 2015-12-22 | 2 | -2/+41 | |
| | ||||||
* | Fix bug #70976: fix boundary check on gdImageRotateInterpolated | Stanislav Malyshev | 2015-12-07 | 2 | -1/+14 | |
| | ||||||
* | Merge branch 'pr-1483' into PHP-5.5 | Ferenc Kovacs | 2015-10-19 | 2 | -5/+5 | |
|\ | | | | | | | | | | | | | | | * pr-1483: fixup, both catched by nikic use another character device in this test as /dev/console seems that it is different for lxc containers the de_DE(iso-8859-1) locale is not available on ubuntu by default, but there is no reason to require that over the utf-8 one let's try running our testsuite without sudo | |||||
| * | fixup, both catched by nikic | Ferenc Kovacs | 2015-08-24 | 1 | -1/+1 | |
| | | ||||||
| * | use another character device in this test as /dev/console seems that it is ↵ | Ferenc Kovacs | 2015-08-24 | 1 | -2/+2 | |
| | | | | | | | | different for lxc containers | |||||
| * | the de_DE(iso-8859-1) locale is not available on ubuntu by default, but ↵ | Ferenc Kovacs | 2015-08-24 | 1 | -2/+2 | |
| | | | | | | | | there is no reason to require that over the utf-8 one | |||||
* | | Fixed test | Julien Pauli | 2015-09-30 | 1 | -1/+1 | |
| | | ||||||
* | | Better fix for bug #70433 | Stanislav Malyshev | 2015-09-28 | 3 | -3/+5 | |
| | | ||||||
* | | fix memory leak | Stanislav Malyshev | 2015-09-28 | 1 | -0/+1 | |
| | | ||||||
* | | FIx bug #70433 - Uninitialized pointer in phar_make_dirstream when zip entry ↵ | Stanislav Malyshev | 2015-09-28 | 3 | -1/+24 | |
| | | | | | | | | filename is "/" | |||||
* | | Fix bug #69720: Null pointer dereference in phar_get_fp_offset() | Stanislav Malyshev | 2015-09-28 | 3 | -1/+45 | |
| | | ||||||
* | | Merge branch 'PHP-5.4' into PHP-5.5 | Julien Pauli | 2015-09-02 | 1 | -0/+2 | |
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.4: Merge branch 'PHP-5.6' bump version Conflicts: configure.in main/php_version.h | |||||
| * | | Merge branch 'PHP-5.6'PHP-5.4 | Matteo Beccati | 2015-09-02 | 1 | -0/+2 | |
| | | | | | | | | | | | | | | | * PHP-5.6: Added missing skipif for phar+zlib test | |||||
* | | | Merge branch 'PHP-5.5' into PHP-5.5.29 | Stanislav Malyshev | 2015-09-01 | 3 | -3/+3 | |
|\ \ \ | | | | | | | | | | | | | | | | | * PHP-5.5: fix unit tests | |||||
| * \ \ | Merge branch 'PHP-5.4' into PHP-5.5 | Stanislav Malyshev | 2015-09-01 | 3 | -3/+3 | |
| |\ \ \ | | |/ / | | | | | | | | | | | | | * PHP-5.4: fix unit tests | |||||
| | * | | fix unit tests | Stanislav Malyshev | 2015-09-01 | 3 | -3/+3 | |
| | | | | ||||||
* | | | | Merge branch 'PHP-5.5' into PHP-5.5.29 | Stanislav Malyshev | 2015-09-01 | 3 | -1/+72 | |
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.5: Improve fix for #70172 Add CVE IDs asigned (post release) to PHP 5.4.43 Add CVE IDs asigned to #69085 (PHP 5.4.39) Conflicts: ext/pcre/php_pcre.c | |||||
| * | | | Merge branch 'PHP-5.4' into PHP-5.5 | Stanislav Malyshev | 2015-09-01 | 24 | -834/+977 | |
| |\ \ \ | | |/ / | | | / | | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.4: Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Fix bug #70219 (Use after free vulnerability in session deserializer) Fix for bug #69782 Add CVE IDs asigned (post release) to PHP 5.4.43 Add CVE IDs asigned to #69085 (PHP 5.4.39) 5.4.45 next Conflicts: configure.in ext/pcre/php_pcre.c ext/standard/var_unserializer.c ext/standard/var_unserializer.re main/php_version.h | |||||
| | * | Improve fix for #70172 | Stanislav Malyshev | 2015-09-01 | 3 | -1/+72 | |
| | | | ||||||
* | | | Merge branch 'PHP-5.4.45' into PHP-5.5.29 | Stanislav Malyshev | 2015-09-01 | 2 | -5/+23 | |
|\ \ \ | | |/ | |/| | | | | | | | * PHP-5.4.45: Fix bug #70312 - HAVAL gives wrong hashes in specific cases | |||||
| * | | Fix bug #70312 - HAVAL gives wrong hashes in specific cases | Stanislav Malyshev | 2015-09-01 | 2 | -5/+23 | |
| | | | ||||||
* | | | Merge branch 'PHP-5.4.45' into PHP-5.5.29 | Stanislav Malyshev | 2015-09-01 | 1 | -1/+1 | |
|\ \ \ | |/ / | | | | | | | | | | * PHP-5.4.45: fix test | |||||
| * | | fix test | Stanislav Malyshev | 2015-09-01 | 1 | -1/+1 | |
| | | | ||||||
* | | | Merge branch 'PHP-5.4.45' into PHP-5.5.29 | Stanislav Malyshev | 2015-09-01 | 16 | -267/+587 | |
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.4.45: add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Conflicts: ext/pcre/php_pcre.c ext/standard/var_unserializer.c | |||||
| * | | add test | Stanislav Malyshev | 2015-09-01 | 1 | -0/+50 | |
| | | | ||||||
| * | | Fix bug #70366 - use-after-free vulnerability in unserialize() with ↵ | Stanislav Malyshev | 2015-09-01 | 3 | -1/+56 | |
| | | | | | | | | | | | | SplDoublyLinkedList | |||||
| * | | Fix bug #70365 - use-after-free vulnerability in unserialize() with ↵ | Stanislav Malyshev | 2015-09-01 | 2 | -0/+52 | |
| | | | | | | | | | | | | SplObjectStorage | |||||
| * | | Fix bug #70172 - Use After Free Vulnerability in unserialize() | Stanislav Malyshev | 2015-08-31 | 4 | -42/+121 | |
| | | | ||||||
| * | | Fix bug #70388 - SOAP serialize_function_call() type confusion | Stanislav Malyshev | 2015-08-31 | 2 | -44/+69 | |
| | | | ||||||
| * | | Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when ↵ | Stanislav Malyshev | 2015-08-30 | 2 | -39/+72 | |
| | | | | | | | | | | | | creating directories | |||||
| * | | Improve fix for #70385 | Stanislav Malyshev | 2015-08-29 | 1 | -2/+2 | |
| | | | ||||||
| * | | Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) | Stanislav Malyshev | 2015-08-28 | 2 | -76/+100 | |
| | | | ||||||
| * | | Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte ↵ | Stanislav Malyshev | 2015-08-28 | 1 | -104/+104 | |
| | | | | | | | | | | | | value of 32 bytes) |