]>
granicus.if.org Git - php/log
Stanislav Malyshev [Mon, 28 Mar 2016 08:22:37 +0000 (01:22 -0700)]
Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
Stanislav Malyshev [Sun, 27 Mar 2016 21:22:19 +0000 (14:22 -0700)]
Fix bug #71798 - Integer Overflow in php_raw_url_encode
Stanislav Malyshev [Mon, 21 Mar 2016 03:54:09 +0000 (20:54 -0700)]
Fix bug #71860: Require valid paths for phar filenames
Julien Pauli [Wed, 2 Mar 2016 10:02:42 +0000 (11:02 +0100)]
Going for 5.5.34
Stanislav Malyshev [Wed, 2 Mar 2016 06:55:02 +0000 (22:55 -0800)]
fix test file
Stanislav Malyshev [Wed, 2 Mar 2016 06:47:27 +0000 (22:47 -0800)]
Fix version
Stanislav Malyshev [Wed, 2 Mar 2016 06:37:23 +0000 (22:37 -0800)]
Update NEWS
Stanislav Malyshev [Mon, 22 Feb 2016 00:51:05 +0000 (16:51 -0800)]
Fix bug #71498: Out-of-Bound Read in phar_parse_zipfile()
Stanislav Malyshev [Mon, 15 Feb 2016 06:34:39 +0000 (22:34 -0800)]
Fixed bug #71587 - Use-After-Free / Double-Free in WDDX Deserialize
Anatol Belski [Tue, 2 Feb 2016 13:19:10 +0000 (14:19 +0100)]
add error check to sysconf call
Julien Pauli [Tue, 2 Feb 2016 09:42:49 +0000 (10:42 +0100)]
Going for 5.5.33 now
Stanislav Malyshev [Tue, 2 Feb 2016 02:58:02 +0000 (18:58 -0800)]
fix tests
Stanislav Malyshev [Tue, 2 Feb 2016 02:47:56 +0000 (18:47 -0800)]
fix NEWS
Stanislav Malyshev [Tue, 2 Feb 2016 02:44:33 +0000 (18:44 -0800)]
update NEWS
Stanislav Malyshev [Tue, 2 Feb 2016 02:28:49 +0000 (18:28 -0800)]
Merge branch 'PHP-5.5' into PHP-5.5.32
* PHP-5.5:
Upgrade bundled PCRE to 8.38
Fixed NEWS file entry
Stanislav Malyshev [Mon, 1 Feb 2016 04:33:17 +0000 (20:33 -0800)]
Upgrade bundled PCRE to 8.38
Stanislav Malyshev [Mon, 1 Feb 2016 03:37:56 +0000 (19:37 -0800)]
Fixed bug #71488: Stack overflow when decompressing tar archives
Anatol Belski [Thu, 28 Jan 2016 12:57:44 +0000 (13:57 +0100)]
update NEWS
Anatol Belski [Thu, 28 Jan 2016 12:46:34 +0000 (13:46 +0100)]
add missing headers for SIZE_MAX
Anatol Belski [Thu, 28 Jan 2016 12:45:43 +0000 (13:45 +0100)]
backport the escapeshell* functions hardening branch
Anatol Belski [Thu, 28 Jan 2016 12:27:26 +0000 (13:27 +0100)]
add tests
Julien Pauli [Thu, 28 Jan 2016 11:47:53 +0000 (12:47 +0100)]
Fixed NEWS file entry
Stanislav Malyshev [Wed, 27 Jan 2016 01:26:52 +0000 (17:26 -0800)]
Fix bug #71459 - Integer overflow in iptcembed()
Stanislav Malyshev [Sun, 17 Jan 2016 06:10:54 +0000 (22:10 -0800)]
Fixed bug #71323 - Output of stream_get_meta_data can be falsified by its input
Stanislav Malyshev [Sun, 17 Jan 2016 04:43:43 +0000 (20:43 -0800)]
Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()
Stanislav Malyshev [Thu, 14 Jan 2016 00:43:04 +0000 (16:43 -0800)]
Fix bug #71335: Type Confusion in WDDX Packet Deserialization
Stanislav Malyshev [Thu, 14 Jan 2016 00:33:37 +0000 (16:33 -0800)]
Merge branch 'bug71354' into PHP-5.5.32
* bug71354:
Fix bug #71354 - remove UMR when size is 0
Stanislav Malyshev [Thu, 14 Jan 2016 00:32:29 +0000 (16:32 -0800)]
Fix bug #71354 - remove UMR when size is 0
Remi Collet [Tue, 12 Jan 2016 12:52:27 +0000 (13:52 +0100)]
fix the fix for bug #70976 (imagerotate)
Julien Pauli [Thu, 7 Jan 2016 12:04:35 +0000 (13:04 +0100)]
5.5.32 now
Stanislav Malyshev [Wed, 6 Jan 2016 03:28:24 +0000 (19:28 -0800)]
Update NEWS
Stanislav Malyshev [Tue, 29 Dec 2015 07:44:14 +0000 (23:44 -0800)]
Improve fix for bug #70976
Stanislav Malyshev [Mon, 28 Dec 2015 22:46:35 +0000 (14:46 -0800)]
Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization)
Stanislav Malyshev [Mon, 28 Dec 2015 20:42:44 +0000 (12:42 -0800)]
Fixed bug #70741: Session WDDX Packet Deserialization Type Confusion Vulnerability
Julien Pauli [Tue, 22 Dec 2015 13:28:19 +0000 (14:28 +0100)]
Fixed #70728
Stanislav Malyshev [Tue, 8 Dec 2015 08:10:07 +0000 (00:10 -0800)]
Fixed bug #70755: fpm_log.c memory leak and buffer overflow
Stanislav Malyshev [Tue, 8 Dec 2015 07:30:49 +0000 (23:30 -0800)]
Fix bug #70976: fix boundary check on gdImageRotateInterpolated
Stanislav Malyshev [Sun, 6 Dec 2015 22:07:39 +0000 (14:07 -0800)]
typofix
Ferenc Kovacs [Mon, 19 Oct 2015 20:44:19 +0000 (22:44 +0200)]
Merge branch 'pr-1483' into PHP-5.5
* pr-1483:
fixup, both catched by nikic
use another character device in this test as /dev/console seems that it is different for lxc containers
the de_DE(iso-8859-1) locale is not available on ubuntu by default, but there is no reason to require that over the utf-8 one
let's try running our testsuite without sudo
Julien Pauli [Wed, 30 Sep 2015 11:18:16 +0000 (13:18 +0200)]
Fixed test
Julien Pauli [Wed, 30 Sep 2015 11:01:11 +0000 (13:01 +0200)]
5.5.31 now
Ferenc Kovacs [Tue, 29 Sep 2015 23:15:24 +0000 (01:15 +0200)]
add NEWS entries
Stanislav Malyshev [Tue, 29 Sep 2015 04:37:26 +0000 (21:37 -0700)]
Better fix for bug #70433
Stanislav Malyshev [Tue, 29 Sep 2015 03:43:18 +0000 (20:43 -0700)]
fix memory leak
Stanislav Malyshev [Tue, 29 Sep 2015 00:12:35 +0000 (17:12 -0700)]
FIx bug #70433 - Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"
Stanislav Malyshev [Mon, 28 Sep 2015 22:51:59 +0000 (15:51 -0700)]
Fix bug #69720: Null pointer dereference in phar_get_fp_offset()
Julien Pauli [Wed, 2 Sep 2015 15:55:20 +0000 (17:55 +0200)]
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
Merge branch 'PHP-5.6'
bump version
Conflicts:
configure.in
main/php_version.h
Matteo Beccati [Sat, 29 Aug 2015 08:48:53 +0000 (10:48 +0200)]
Merge branch 'PHP-5.6'
* PHP-5.6:
Added missing skipif for phar+zlib test
Julien Pauli [Wed, 2 Sep 2015 15:40:56 +0000 (17:40 +0200)]
5.5.30 next
Stanislav Malyshev [Tue, 1 Sep 2015 20:12:16 +0000 (13:12 -0700)]
bump version
Stanislav Malyshev [Tue, 1 Sep 2015 19:24:06 +0000 (12:24 -0700)]
Merge branch 'PHP-5.5' into PHP-5.5.29
* PHP-5.5:
fix unit tests
Stanislav Malyshev [Tue, 1 Sep 2015 19:23:55 +0000 (12:23 -0700)]
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
fix unit tests
Stanislav Malyshev [Tue, 1 Sep 2015 19:23:22 +0000 (12:23 -0700)]
fix unit tests
Stanislav Malyshev [Tue, 1 Sep 2015 19:04:04 +0000 (12:04 -0700)]
Merge branch 'PHP-5.5' into PHP-5.5.29
* PHP-5.5:
update NEWS
add NEWS for fixes
Stanislav Malyshev [Tue, 1 Sep 2015 19:03:48 +0000 (12:03 -0700)]
update NEWS
Stanislav Malyshev [Tue, 1 Sep 2015 19:00:30 +0000 (12:00 -0700)]
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
add NEWS for fixes
Stanislav Malyshev [Tue, 1 Sep 2015 18:53:59 +0000 (11:53 -0700)]
add NEWS for fixes
Stanislav Malyshev [Tue, 1 Sep 2015 18:43:27 +0000 (11:43 -0700)]
Merge branch 'PHP-5.5' into PHP-5.5.29
* PHP-5.5:
Improve fix for #70172
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
Conflicts:
ext/pcre/php_pcre.c
Stanislav Malyshev [Tue, 1 Sep 2015 18:42:19 +0000 (11:42 -0700)]
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
5.4.45 next
Conflicts:
configure.in
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
main/php_version.h
Stanislav Malyshev [Tue, 1 Sep 2015 18:40:15 +0000 (11:40 -0700)]
Merge branch 'PHP-5.4.45' into PHP-5.4
* PHP-5.4.45:
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix for bug #69782
Stanislav Malyshev [Tue, 1 Sep 2015 18:38:15 +0000 (11:38 -0700)]
Improve fix for #70172
Stanislav Malyshev [Tue, 1 Sep 2015 08:17:12 +0000 (01:17 -0700)]
Merge branch 'PHP-5.4.45' into PHP-5.5.29
* PHP-5.4.45:
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
Stanislav Malyshev [Tue, 1 Sep 2015 08:16:30 +0000 (01:16 -0700)]
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
Stanislav Malyshev [Tue, 1 Sep 2015 07:59:55 +0000 (00:59 -0700)]
Merge branch 'PHP-5.4.45' into PHP-5.5.29
* PHP-5.4.45:
fix test
Stanislav Malyshev [Tue, 1 Sep 2015 07:59:31 +0000 (00:59 -0700)]
fix test
Stanislav Malyshev [Tue, 1 Sep 2015 07:28:39 +0000 (00:28 -0700)]
Merge branch 'PHP-5.4.45' into PHP-5.5.29
* PHP-5.4.45:
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Conflicts:
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c
Stanislav Malyshev [Tue, 1 Sep 2015 07:26:12 +0000 (00:26 -0700)]
add test
Stanislav Malyshev [Tue, 1 Sep 2015 07:20:45 +0000 (00:20 -0700)]
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Stanislav Malyshev [Tue, 1 Sep 2015 07:14:15 +0000 (00:14 -0700)]
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Stanislav Malyshev [Tue, 1 Sep 2015 04:28:11 +0000 (21:28 -0700)]
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Stanislav Malyshev [Tue, 1 Sep 2015 04:06:03 +0000 (21:06 -0700)]
Fix bug #70388 - SOAP serialize_function_call() type confusion
Stanislav Malyshev [Sun, 30 Aug 2015 07:38:08 +0000 (00:38 -0700)]
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Stanislav Malyshev [Sun, 30 Aug 2015 06:01:36 +0000 (23:01 -0700)]
Improve fix for #70385
Stanislav Malyshev [Sat, 29 Aug 2015 05:52:50 +0000 (22:52 -0700)]
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Stanislav Malyshev [Sat, 29 Aug 2015 05:25:41 +0000 (22:25 -0700)]
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Stanislav Malyshev [Sat, 29 Aug 2015 04:50:21 +0000 (21:50 -0700)]
More fixes for bug #70219
Stanislav Malyshev [Wed, 26 Aug 2015 06:08:49 +0000 (23:08 -0700)]
Merge branch 'PHP-5.4.45' into PHP-5.5.29
* PHP-5.4.45:
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix for bug #69782
5.4.45 next
Conflicts:
configure.in
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
main/php_version.h
Ferenc Kovacs [Mon, 24 Aug 2015 15:02:25 +0000 (17:02 +0200)]
fixup, both catched by nikic
Ferenc Kovacs [Mon, 24 Aug 2015 06:52:31 +0000 (08:52 +0200)]
use another character device in this test as /dev/console seems that it is different for lxc containers
Ferenc Kovacs [Mon, 24 Aug 2015 00:21:09 +0000 (02:21 +0200)]
the de_DE(iso-8859-1) locale is not available on ubuntu by default, but there is no reason to require that over the utf-8 one
Stanislav Malyshev [Sun, 23 Aug 2015 20:27:59 +0000 (13:27 -0700)]
Fix bug #70219 (Use after free vulnerability in session deserializer)
Ferenc Kovacs [Sun, 23 Aug 2015 20:47:51 +0000 (22:47 +0200)]
let's try running our testsuite without sudo
Stanislav Malyshev [Mon, 17 Aug 2015 00:16:15 +0000 (17:16 -0700)]
Fix for bug #69782
Lior Kaplan [Mon, 10 Aug 2015 08:19:18 +0000 (11:19 +0300)]
Add CVE IDs asigned (post release) to PHP 5.4.43
Lior Kaplan [Mon, 10 Aug 2015 08:18:33 +0000 (11:18 +0300)]
Add CVE IDs asigned to #69085 (PHP 5.4.39)
Stanislav Malyshev [Wed, 5 Aug 2015 06:59:55 +0000 (23:59 -0700)]
5.5.29 next
Stanislav Malyshev [Wed, 5 Aug 2015 06:56:15 +0000 (23:56 -0700)]
5.4.45 next
Stanislav Malyshev [Tue, 4 Aug 2015 23:45:32 +0000 (16:45 -0700)]
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
fix test
Stanislav Malyshev [Tue, 4 Aug 2015 23:45:20 +0000 (16:45 -0700)]
fix test
Stanislav Malyshev [Tue, 4 Aug 2015 23:13:43 +0000 (16:13 -0700)]
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
__wakeup doesn't have to be final
Stanislav Malyshev [Tue, 4 Aug 2015 23:13:26 +0000 (16:13 -0700)]
__wakeup doesn't have to be final
Stanislav Malyshev [Tue, 4 Aug 2015 22:22:59 +0000 (15:22 -0700)]
update NEWS
Stanislav Malyshev [Tue, 4 Aug 2015 21:46:30 +0000 (14:46 -0700)]
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
fix test
update NEWS
Stanislav Malyshev [Tue, 4 Aug 2015 21:46:19 +0000 (14:46 -0700)]
fix test
Stanislav Malyshev [Tue, 4 Aug 2015 21:37:28 +0000 (14:37 -0700)]
update NEWS
Stanislav Malyshev [Tue, 4 Aug 2015 21:10:57 +0000 (14:10 -0700)]
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_* on unserialize, it messes up references
Fix #69793 - limit what we accept when unserializing exception
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
ignore signatures for packages too
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
Fixed bug #69892
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
Improved fix for Bug #69441
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
Fix bug #70081: check types for SOAP variables
Conflicts:
.gitignore
ext/date/php_date.c
ext/spl/spl_array.c
ext/spl/spl_observer.c
Stanislav Malyshev [Tue, 4 Aug 2015 21:04:24 +0000 (14:04 -0700)]
Merge branch 'PHP-5.4' into PHP-5.4.44
* PHP-5.4:
Fixed bug #69892
Adjust Git-Rules
Stanislav Malyshev [Tue, 4 Aug 2015 21:00:29 +0000 (14:00 -0700)]
Fix bug #70019 - limit extracted files to given directory
Stanislav Malyshev [Sun, 2 Aug 2015 07:34:09 +0000 (00:34 -0700)]
Do not do convert_to_* on unserialize, it messes up references
Stanislav Malyshev [Mon, 27 Jul 2015 08:38:27 +0000 (01:38 -0700)]
Fix #69793 - limit what we accept when unserializing exception