]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: fc8eff8 c8f07ad)
Merge branch 'PHP-5.4.45' into PHP-5.5.29
authorStanislav Malyshev <stas@php.net>
Tue, 1 Sep 2015 07:28:39 +0000 (00:28 -0700)
committerStanislav Malyshev <stas@php.net>
Tue, 1 Sep 2015 07:28:39 +0000 (00:28 -0700)
* PHP-5.4.45:
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)

Conflicts:
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c

1  2 
ext/exif/exif.c patch | diff1 | diff2 | blob | history
ext/pcre/php_pcre.c patch | diff1 | diff2 | blob | history
ext/soap/soap.c patch | diff1 | diff2 | blob | history
ext/spl/spl_dllist.c patch | diff1 | diff2 | blob | history
ext/spl/spl_observer.c patch | diff1 | diff2 | blob | history
ext/standard/var.c patch | diff1 | diff2 | blob | history
ext/standard/var_unserializer.c patch | diff1 | diff2 | blob | history
ext/standard/var_unserializer.re patch | diff1 | diff2 | blob | history
ext/zip/php_zip.c patch | diff1 | diff2 | blob | history

diff --cc ext/exif/exif.c
Simple merge
diff --cc ext/pcre/php_pcre.c
index 7cc16ca6e64c8043f7bb7677365383f4bde166de,071b1a7dcfc5c2241b6a017b9f1f58ac2a07134c..06e35e537a12685d152c5376a3915f1927daa43d
--- 1/ext/pcre/php_pcre.c
--- 2/ext/pcre/php_pcre.c
+++ b/ext/pcre/php_pcre.c
@@@ -571,10 -550,8 +571,10 @@@ static void php_do_pcre_match(INTERNAL_
                RETURN_FALSE;
        }
  
-       php_pcre_match_impl(pce, subject, subject_len, return_value, subpats, 
 +      pce->refcount++;
+       php_pcre_match_impl(pce, subject, subject_len, return_value, subpats,
                global, ZEND_NUM_ARGS() >= 4, flags, start_offset TSRMLS_CC);
 +      pce->refcount--;
  }
  /* }}} */
  
diff --cc ext/soap/soap.c
Simple merge
diff --cc ext/spl/spl_dllist.c
Simple merge
diff --cc ext/spl/spl_observer.c
Simple merge
diff --cc ext/standard/var.c
Simple merge
diff --cc ext/standard/var_unserializer.c
Simple merge
diff --cc ext/standard/var_unserializer.re
Simple merge
diff --cc ext/zip/php_zip.c
Simple merge
Unnamed repository; edit this file 'description' to name the repository.