archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-18 06:58:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
103071 commits 526 branches 1434 tags 873 MiB
Commit graph

384 commits

Author SHA1 Message Date
Stanislav Malyshev
6e6a556b8c Merge branch 'PHP-5.5' into PHP-5.6.19 
* PHP-5.5:
  fix test file
  Fix version
  Update NEWS
 2016-03-01 22:55:49 -08:00
Stanislav Malyshev
3c8ccdd9d3 fix test file 2016-03-01 22:55:02 -08:00
Stanislav Malyshev
ae3f132be1 Merge branch 'PHP-5.6.19' into PHP-5.6 
* PHP-5.6.19:
  update NEWS
  Fix bug #71498: Out-of-Bound Read in phar_parse_zipfile()
  fix ts buld
  prep for 5.6.19RC1
  Fixed bug #71587 - Use-After-Free / Double-Free in WDDX Deserialize
 2016-03-01 22:42:16 -08:00
Stanislav Malyshev
91990bbde0 Merge branch 'PHP-5.5.33' into PHP-5.6.19 
* PHP-5.5.33:
  Fix bug #71498: Out-of-Bound Read in phar_parse_zipfile()
  Fixed bug #71587 - Use-After-Free / Double-Free in WDDX Deserialize
 2016-03-01 22:40:00 -08:00
Nikita Popov
a6afaa9a85 Merge branch 'PHP-5.6' into PHP-7.0 
Conflicts:
	ext/phar/tar.c
 2016-02-29 22:44:46 +01:00
Jos Elstgeest
50b4cafd28 Fixed bugs #71317 and #71504 
If there are duplicate filenames in tar, the last one wins.
 2016-02-29 22:34:35 +01:00
Stanislav Malyshev
a6fdc5bb27 Fix bug #71498: Out-of-Bound Read in phar_parse_zipfile() 2016-02-21 16:51:05 -08:00
Anatol Belski
b3df715f50 add test for bug #71625, 7 variant 2016-02-18 19:40:17 +01:00
Anatol Belski
688b914217 add test for bug #71625 2016-02-18 19:38:39 +01:00
Anatol Belski
c94ee2e0c8 fix dir separator in test 2016-02-15 09:00:07 +01:00
Anatol Belski
a3927fa7f5 fix dir separator in test 2016-02-15 08:58:20 +01:00
Stanislav Malyshev
0fca0d9f42 fix tests 2016-02-01 20:23:21 -08:00
Stanislav Malyshev
e231830f16 Merge branch 'PHP-5.6.18' into PHP-7.0.3 
* PHP-5.6.18:
  fix tests
  fix NEWS
  Update NEWS
  update NEWS
  Fixed bug #71488: Stack overflow when decompressing tar archives
  update NEWS
  add missing headers for SIZE_MAX
  backport the escapeshell* functions hardening branch
  add tests
  Fix bug #71459 - Integer overflow in iptcembed()
  prepare 5.6.18RC1
  Fix test when run with openssl < 1.0.2 (reorder so no more SSLv2 message) Fix skip message to work
  improve fix for bug #71201
  Fixed bug #71323 - Output of stream_get_meta_data can be falsified by its input
  Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()
  Fixed bug #71331 - Uninitialized pointer in phar_make_dirstream()
  Fix bug #71335: Type Confusion in WDDX Packet Deserialization
  Fix bug #71354 - remove UMR when size is 0

Conflicts:
	configure.in
	ext/phar/dirstream.c
	ext/phar/phar_object.c
	ext/phar/tar.c
	ext/standard/exec.c
	ext/standard/iptc.c
	ext/standard/math.c
	ext/standard/streamsfuncs.c
	ext/wddx/wddx.c
	main/php_version.h
	main/streams/memory.c
 2016-02-01 20:00:01 -08:00
Stanislav Malyshev
309ead112f Merge branch 'PHP-5.5.32' into PHP-5.6.18 
* PHP-5.5.32:
  Fixed bug #71488: Stack overflow when decompressing tar archives
  update NEWS
  add missing headers for SIZE_MAX
  backport the escapeshell* functions hardening branch
  add tests
  Fix bug #71459 - Integer overflow in iptcembed()
  Fixed bug #71323 - Output of stream_get_meta_data can be falsified by its input
  Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()
  Fix bug #71335: Type Confusion in WDDX Packet Deserialization
  Fix bug #71354 - remove UMR when size is 0
 2016-02-01 18:32:31 -08:00
Stanislav Malyshev
07c7df68bd Fixed bug #71488: Stack overflow when decompressing tar archives 2016-01-31 19:37:56 -08:00
Stanislav Malyshev
1c1b8b6998 Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata() 2016-01-16 20:43:43 -08:00
Stanislav Malyshev
4c2424eb24 Fixed bug #71331 - Uninitialized pointer in phar_make_dirstream() 2016-01-14 22:58:40 -08:00
Stanislav Malyshev
13ad4d3e97 Fix bug #71354 - remove UMR when size is 0 2016-01-13 16:32:29 -08:00
Julien Pauli
a60105d7a4 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fixed test
  5.5.31 now
 2015-09-30 13:19:37 +02:00
Julien Pauli
0fd71d1184 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fixed test
  5.5.31 now

Conflicts:
	configure.in
	main/php_version.h
 2015-09-30 13:19:18 +02:00
Julien Pauli
d7fb43e30d Fixed test 2015-09-30 13:18:16 +02:00
Anatol Belski
208ed0a010 fix test 
cutting out the '/' is not critical, but allows to avoid forking
 2015-09-29 09:11:52 +02:00
Stanislav Malyshev
4c6f4863fa Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  fix memory leak
  FIx bug #70433 - Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"

Conflicts:
	ext/phar/dirstream.c
 2015-09-28 20:45:02 -07:00
Stanislav Malyshev
51b23cd0f0 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  fix memory leak
  FIx bug #70433 - Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"

Conflicts:
	ext/phar/dirstream.c
 2015-09-28 20:44:28 -07:00
Stanislav Malyshev
e78ac461db FIx bug #70433 - Uninitialized pointer in phar_make_dirstream when zip entry filename is "/" 2015-09-28 17:12:35 -07:00
Stanislav Malyshev
e7574a5329 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fix bug #69720: Null pointer dereference in phar_get_fp_offset()

Conflicts:
	ext/phar/util.c
 2015-09-28 17:00:32 -07:00
Stanislav Malyshev
f39a4ee0c9 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fix bug #69720: Null pointer dereference in phar_get_fp_offset()
 2015-09-28 16:59:46 -07:00
Stanislav Malyshev
d698f0ae51 Fix bug #69720: Null pointer dereference in phar_get_fp_offset() 2015-09-28 15:56:51 -07:00
Julien Pauli
bb98ed600a Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Merge branch 'PHP-5.6'
  bump version

Conflicts:
	configure.in
	main/php_version.h
 2015-09-02 17:55:20 +02:00
Matteo Beccati
a12cef979d Merge branch 'PHP-5.6' 
* PHP-5.6:
  Added missing skipif for phar+zlib test
 2015-09-02 17:53:36 +02:00
Matteo Beccati
cb5582d3c1 Merge branch 'PHP-5.6' 
* PHP-5.6:
  Added missing skipif for phar+zlib test
 2015-08-29 10:48:53 +02:00
Matteo Beccati
9d816f1bcf Added missing skipif for phar+zlib test 2015-08-29 10:47:02 +02:00
Anatol Belski
2b9c7f881a fix tests 2015-08-21 15:13:39 +02:00
Stanislav Malyshev
ed709d5aa0 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	ext/soap/php_http.c
	ext/spl/spl_observer.c
 2015-08-04 15:29:13 -07:00
Stanislav Malyshev
69ed3969dd Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	.gitignore
	ext/date/php_date.c
	ext/spl/spl_array.c
	ext/spl/spl_observer.c
 2015-08-04 14:10:57 -07:00
Stanislav Malyshev
dda81f0505 Fix bug #70019 - limit extracted files to given directory 2015-08-04 14:02:31 -07:00
Stanislav Malyshev
97047e7665 Merge branch 'PHP-5.6' 
* PHP-5.6:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	Zend/zend_exceptions.c
	ext/date/php_date.c
	ext/openssl/openssl.c
	ext/phar/phar_internal.h
	ext/soap/php_http.c
	ext/spl/spl_array.c
	ext/spl/spl_dllist.c
	ext/spl/spl_observer.c
	ext/standard/tests/serialize/bug69152.phpt
	sapi/cli/tests/005.phpt
 2015-08-04 16:14:24 -07:00
Stanislav Malyshev
2d0771d66c Better fix for bug #69958 2015-07-07 10:18:22 -07:00
Stanislav Malyshev
00f177a5ed Fix bug #69958 - Segfault in Phar::convertToData on invalid file 2015-07-07 10:15:41 -07:00
Stanislav Malyshev
6c884e8e84 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Better fix for bug #69958
  update news
  Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
  Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepath
  Fix bug #69958 - Segfault in Phar::convertToData on invalid file
  Better fix for bug #69958
  Better fix for bug #69958
  update news
  Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
  Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepath
  Fix bug #69958 - Segfault in Phar::convertToData on invalid file

Conflicts:
	ext/phar/phar_object.c
 2015-07-07 10:12:51 -07:00
Stanislav Malyshev
885edfef0a Better fix for bug #69958 2015-07-07 09:38:31 -07:00
Stanislav Malyshev
bf58162ddf Fix bug #69958 - Segfault in Phar::convertToData on invalid file 2015-07-07 09:38:30 -07:00
Stanislav Malyshev
ed84af4b88 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Better fix for bug #69958
 2015-07-07 00:01:42 -07:00
Stanislav Malyshev
eda31f57fb Better fix for bug #69958 2015-07-07 00:01:26 -07:00
Stanislav Malyshev
303d97feda Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
  Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepath
  Fix bug #69958 - Segfault in Phar::convertToData on invalid file

Conflicts:
	ext/mysqlnd/mysqlnd.c
 2015-07-06 21:52:49 -07:00
Stanislav Malyshev
452d30cf7d Fix bug #69958 - Segfault in Phar::convertToData on invalid file 2015-07-04 21:01:50 -07:00
Aaron Piotrowski
110e0a5a2c Merge branch 'master' into throwable-interface 
# Conflicts:
#	Zend/zend_language_scanner.c
#	Zend/zend_language_scanner.l
#	ext/simplexml/tests/SimpleXMLElement_xpath.phpt
 2015-06-14 18:53:11 -05:00
Anatol Belski
4faf7476f9 fix dir sep in test 2015-05-26 13:09:56 +02:00
Anatol Belski
8d7003f708 Merge branch 'PHP-5.6' 
* PHP-5.6:
  fix test
  Add entry for bug #69354, fixed in 5.5.25
  Add CVE for bugs in 5.6.9
  Add entry about PCRE upgrade (rev 95fa7279)
  Add CVE for bugs in 5.5.25

Conflicts:
	ext/phar/tests/bug69441.phpt
 2015-05-22 21:32:40 +02:00
Anatol Belski
0bc3a74334 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  fix test
 2015-05-22 21:27:19 +02:00