archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
101279 commits 526 branches 1434 tags 865 MiB
Commit graph

253 commits

Author SHA1 Message Date
Xinchen Hui
ccd4716ec7 year++ 2018-01-02 12:53:31 +08:00
Remi Collet
d773a92f3c Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Better fix bug #75540 Segfault with libzip 1.3.1 - only 1.3.1 is affected - fix use after free
 2017-11-20 09:42:47 +01:00
Remi Collet
702ef27364 Better fix bug #75540 Segfault with libzip 1.3.1 
- only 1.3.1 is affected
- fix use after free
 2017-11-20 09:42:20 +01:00
Remi Collet
0c54397879 Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  NEWS
  fix bug #75540 Segfault with libzip 1.3.1
 2017-11-20 08:50:51 +01:00
Remi Collet
de47d4792f fix bug #75540 Segfault with libzip 1.3.1 2017-11-20 08:49:46 +01:00
Remi Collet
2f955d5d0a Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  make type consistent with glob_t.gl_pathc
 2017-03-01 17:02:42 +01:00
Remi Collet
53a08fd07d make type consistent with glob_t.gl_pathc 2017-03-01 17:01:58 +01:00
Stanislav Malyshev
19e80ef496 Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Update more functions with path check
 2017-01-15 17:32:37 -08:00
Stanislav Malyshev
43d0f2abc5 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Update more functions with path check
 2017-01-15 17:32:26 -08:00
Stanislav Malyshev
0ab1af7d3e Update more functions with path check 2017-01-15 17:31:08 -08:00
Christoph M. Becker
cc75e8bca5 Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Fix #70103: Fix bug 70103 when ZTS is enabled
 2017-01-06 15:44:31 +01:00
Mitch Hagstrand
ad08aa3956 Fix #70103: Fix bug 70103 when ZTS is enabled 
Used snprintf to copy the basename string before it is freed
 2017-01-06 15:26:17 +01:00
Joe Watkins
3f89aec716
Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Fix #70103: ZipArchive::addGlob ignores remove_all_path option
  news entry for PR #1430
 2017-01-06 05:40:41 +00:00
Joe Watkins
a49aaf9ab0
Merge branch 'pull-request/1430' into PHP-7.0 
* pull-request/1430:
  Fix #70103: ZipArchive::addGlob ignores remove_all_path option
  news entry for PR 1430
 2017-01-06 05:39:48 +00:00
Sammy Kaye Powers
dac6c639bb Update copyright headers to 2017 2017-01-04 11:23:42 -06:00
Sammy Kaye Powers
478f119ab9 Update copyright headers to 2017 2017-01-04 11:14:55 -06:00
Stanislav Malyshev
25d04ad8e3 Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Add length check for bzcompress too - fix for bug #73356
  More string length checks & fixes
  More string length checks & fixes
 2016-11-03 22:53:05 -07:00
Stanislav Malyshev
1fd18821e0 More string length checks & fixes 2016-11-03 21:35:09 -07:00
Stanislav Malyshev
6e12e49b5b Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  More string length checks & fixes
 2016-11-03 20:46:25 -07:00
Stanislav Malyshev
ea9fac94bb More string length checks & fixes 2016-11-03 20:36:52 -07:00
Christoph M. Becker
1928cdcacb Merge branch 'PHP-7.0' into PHP-7.1 2016-09-06 01:18:22 +02:00
Christoph M. Becker
81ec843d0e Merge branch 'PHP-5.6' into PHP-7.0 2016-09-06 01:15:36 +02:00
Christoph M. Becker
8aad3131a1 Fix #70752: Depacking with wrong password leaves 0 length files 
We should not open the output stream before we have tried to open the
archive entry, as failing the latter could leave an empty file behind.
 2016-09-06 01:03:46 +02:00
Xinchen Hui
393d56f1e3 Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Fixed bug #72660 (NULL Pointer dereference in zend_virtual_cwd)
 2016-07-24 23:58:50 +08:00
Xinchen Hui
ad96a052d9 Fixed bug #72660 (NULL Pointer dereference in zend_virtual_cwd) 2016-07-24 23:58:22 +08:00
Aaron Piotrowski
24237027bc Merge branch 'throw-error-in-extensions' 2016-07-05 02:08:39 -05:00
Dmitry Stogov
323b2733f6 Fixed compilation warnings 2016-06-22 00:40:50 +03:00
Dmitry Stogov
1616038698 Added ZEND_ATTRIBUTE_FORMAT to some middind functions. 
"%p" replaced by ZEND_LONG_FMT to avoid compilation warnings.
Fixed most incorrect use cases of format specifiers.
 2016-06-21 16:00:37 +03:00
Stanislav Malyshev
3e0397c25c Merge branch 'PHP-7.0' 
* PHP-7.0:
  iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
  update NEWS
  fix tests
  fix build
  Fix bug #72455:  Heap Overflow due to integer overflows
  Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
  Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
  Fix bug #72298	pass2_no_dither out-of-bounds access
  Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
  Fix bug #72262 - do not overflow int
  Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
  Fix bug #72275: don't allow smart_str to overflow int
  Fix bug #72340: Double Free Courruption in wddx_deserialize
  Fix bug #72321 - use efree() for emalloc allocation
  5.6.23RC1
  fix NEWS
  set versions
 2016-06-21 00:27:01 -07:00
Stanislav Malyshev
2a65544f78 Merge branch 'PHP-5.6.23' into PHP-7.0.8 
* PHP-5.6.23: (24 commits)
  iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
  update NEWS
  fix tests
  fix build
  Fix bug #72455:  Heap Overflow due to integer overflows
  Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
  Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
  Fix bug #72298	pass2_no_dither out-of-bounds access
  Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
  Fix bug #72262 - do not overflow int
  Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
  Fix bug #72275: don't allow smart_str to overflow int
  Fix bug #72340: Double Free Courruption in wddx_deserialize
  update NEWS
  Fix #66387: Stack overflow with imagefilltoborder
  Fix bug #72321 - use efree() for emalloc allocation
  5.6.23RC1
  Fix bug #72140 (segfault after calling ERR_free_strings())
  ...

Conflicts:
	configure.in
	ext/mbstring/php_mbregex.c
	ext/mcrypt/mcrypt.c
	ext/spl/spl_array.c
	ext/spl/spl_directory.c
	ext/standard/php_smart_str.h
	ext/standard/string.c
	ext/standard/url.c
	ext/wddx/wddx.c
	ext/zip/php_zip.c
	main/php_version.h
 2016-06-21 00:24:32 -07:00
Stanislav Malyshev
7dde353ee7 Merge branch 'PHP-5.5' into PHP-5.6.23 
* PHP-5.5:
  Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
  update NEWS
  fix tests
  fix build
  Fix bug #72455:  Heap Overflow due to integer overflows
  Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
  Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
  Fix bug #72298	pass2_no_dither out-of-bounds access
  Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
  Fix bug #72262 - do not overflow int
  Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
  Fix bug #72275: don't allow smart_str to overflow int
  Fix bug #72340: Double Free Courruption in wddx_deserialize
  update NEWS
  Fix #66387: Stack overflow with imagefilltoborder
  Skip test which is 64bits only
  5.5.37 now

Conflicts:
	configure.in
	ext/mcrypt/mcrypt.c
	ext/spl/spl_directory.c
	main/php_version.h
 2016-06-21 00:01:48 -07:00
Stanislav Malyshev
f6aef68089 Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize 2016-06-20 21:35:22 -07:00
Aaron Piotrowski
771e5cc247 Replace zend_ce_error with NULL and replace more E_ERROR with thrown Error 2016-06-13 09:02:17 -05:00
Aaron Piotrowski
e3c681aa5c Merge branch 'master' into throw-error-in-extensions 2016-06-10 22:02:23 -05:00
Anatol Belski
2c80459c24 Expose missing flags from libzip at least >= 0.11.x 
These are helpful with reading/writing zips containing non UTF-8
filenames to mitigate possibly changed libzip behaviors.

Partial cherry-pick of 893c2405ff
 2016-05-30 10:32:43 +02:00
Anatol Belski
893c2405ff Expose missing flags from libzip at least >= 0.11.x 
These are helpful with reading/writing zips containing non UTF-8
filenames to mitigate possibly changed libzip behaviors.
 2016-05-25 22:13:25 +02:00
Stanislav Malyshev
ccc12efa32 Fix bug #71923 - integer overflow in ZipArchive::getFrom* 2016-04-26 22:59:09 -07:00
Remi Collet
e8385a60b3 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  cleanup $Id
 2016-02-22 09:26:14 +01:00
Remi Collet
d20f1d8f1f cleanup $Id 2016-02-22 09:26:00 +01:00
Stanislav Malyshev
9afb29aa68 Remove TSRMLS_* from code, they are not used anymore 2016-02-17 22:44:05 -08:00
Nikita Popov
c9357f82d3 Format string fixes 
Conflicts:
	ext/pgsql/pgsql.c
 2016-02-14 14:45:53 +01:00
Xinchen Hui
33417bf409 Merge branch 'PHP-5.6' into PHP-7.0 
Conflicts:
	ext/zip/php_zip.c
 2016-02-09 23:35:55 +08:00
Xinchen Hui
f45752eb83 Fixed bug #71561 (NULL pointer dereference in Zip::ExtractTo) 2016-02-09 23:32:20 +08:00
Lior Kaplan
ed35de784f Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Happy new year (Update copyright to 2016)
 2016-01-01 19:48:25 +02:00
Lior Kaplan
49493a2dcf Happy new year (Update copyright to 2016) 2016-01-01 19:21:47 +02:00
Dmitry Stogov
ad4fa8f758 Fixed incorrect usage of HASH_OF() macro. Replaced HASH_OF() with more appropriate Z_ARRVAL_P() or Z_OBJPROP_P(). 2015-09-24 22:39:59 +03:00
Remi Collet
a5d6cf788e Merge branch 'PHP-5.6' 
* PHP-5.6:
  Fix build
 2015-09-07 13:55:19 +02:00
Remi Collet
debfc866d2 Fix build 
php_zip.c:1647:2: warning: suggest parentheses around assignment used as truth value [-Wparentheses]
php_zip.c:1648:3: error: format not a string literal and no format arguments [-Werror=format-security]
 2015-09-07 13:52:28 +02:00
Christoph M. Becker
0836d6484c Merge branch 'PHP-5.6' 
* PHP-5.6:
  Fix #70322: ZipArchive::close() doesn't indicate errors
 2015-09-05 00:43:41 +02:00
Christoph M. Becker
c77f783777 Fix #70322: ZipArchive::close() doesn't indicate errors 
If an archive can't be written, ZipArchive::close() nonetheless returns TRUE.
We fix the return value to properly return success, and additionally raise a
warning on failure.
 2015-09-05 00:34:10 +02:00