granicus.if.org Git - php/log
Stanislav Malyshev [Mon, 21 Mar 2016 03:54:09 +0000 (20:54 -0700)]
Fix bug #71860: Require valid paths for phar filenames

Julien Pauli [Wed, 2 Mar 2016 10:02:42 +0000 (11:02 +0100)]
Going for 5.5.34

Stanislav Malyshev [Wed, 2 Mar 2016 06:55:02 +0000 (22:55 -0800)]
fix test file

Stanislav Malyshev [Wed, 2 Mar 2016 06:47:27 +0000 (22:47 -0800)]
Fix version

Stanislav Malyshev [Wed, 2 Mar 2016 06:37:23 +0000 (22:37 -0800)]
Update NEWS

Stanislav Malyshev [Mon, 22 Feb 2016 00:51:05 +0000 (16:51 -0800)]
Fix bug #71498: Out-of-Bound Read in phar_parse_zipfile()

Stanislav Malyshev [Mon, 15 Feb 2016 06:34:39 +0000 (22:34 -0800)]
Fixed bug #71587 - Use-After-Free / Double-Free in WDDX Deserialize

Anatol Belski [Tue, 2 Feb 2016 13:19:10 +0000 (14:19 +0100)]
add error check to sysconf call

Julien Pauli [Tue, 2 Feb 2016 09:42:49 +0000 (10:42 +0100)]
Going for 5.5.33 now

Stanislav Malyshev [Tue, 2 Feb 2016 02:58:02 +0000 (18:58 -0800)]
fix tests

Stanislav Malyshev [Tue, 2 Feb 2016 02:47:56 +0000 (18:47 -0800)]
fix NEWS

Stanislav Malyshev [Tue, 2 Feb 2016 02:44:33 +0000 (18:44 -0800)]
update NEWS

Stanislav Malyshev [Tue, 2 Feb 2016 02:28:49 +0000 (18:28 -0800)]
Merge branch 'PHP-5.5' into PHP-5.5.32

* PHP-5.5:
  Upgrade bundled PCRE to 8.38
  Fixed NEWS file entry

Stanislav Malyshev [Mon, 1 Feb 2016 04:33:17 +0000 (20:33 -0800)]
Upgrade bundled PCRE to 8.38

Stanislav Malyshev [Mon, 1 Feb 2016 03:37:56 +0000 (19:37 -0800)]
Fixed bug #71488: Stack overflow when decompressing tar archives

Anatol Belski [Thu, 28 Jan 2016 12:57:44 +0000 (13:57 +0100)]
update NEWS

Anatol Belski [Thu, 28 Jan 2016 12:46:34 +0000 (13:46 +0100)]
add missing headers for SIZE_MAX

Anatol Belski [Thu, 28 Jan 2016 12:45:43 +0000 (13:45 +0100)]
backport the escapeshell* functions hardening branch

Anatol Belski [Thu, 28 Jan 2016 12:27:26 +0000 (13:27 +0100)]
add tests

Julien Pauli [Thu, 28 Jan 2016 11:47:53 +0000 (12:47 +0100)]
Fixed NEWS file entry

Stanislav Malyshev [Wed, 27 Jan 2016 01:26:52 +0000 (17:26 -0800)]
Fix bug #71459 - Integer overflow in iptcembed()

Stanislav Malyshev [Sun, 17 Jan 2016 06:10:54 +0000 (22:10 -0800)]
Fixed bug #71323 - Output of stream_get_meta_data can be falsified by its input

Stanislav Malyshev [Sun, 17 Jan 2016 04:43:43 +0000 (20:43 -0800)]
Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()

Stanislav Malyshev [Thu, 14 Jan 2016 00:43:04 +0000 (16:43 -0800)]
Fix bug #71335: Type Confusion in WDDX Packet Deserialization

Stanislav Malyshev [Thu, 14 Jan 2016 00:33:37 +0000 (16:33 -0800)]
Merge branch 'bug71354' into PHP-5.5.32

* bug71354:
  Fix bug #71354 - remove UMR when size is 0

Stanislav Malyshev [Thu, 14 Jan 2016 00:32:29 +0000 (16:32 -0800)]
Fix bug #71354 - remove UMR when size is 0

Remi Collet [Tue, 12 Jan 2016 12:52:27 +0000 (13:52 +0100)]
fix the fix for bug #70976 (imagerotate)

Julien Pauli [Thu, 7 Jan 2016 12:04:35 +0000 (13:04 +0100)]
5.5.32 now

Stanislav Malyshev [Wed, 6 Jan 2016 03:28:24 +0000 (19:28 -0800)]
Update NEWS

Stanislav Malyshev [Tue, 29 Dec 2015 07:44:14 +0000 (23:44 -0800)]
Improve fix for bug #70976

Stanislav Malyshev [Mon, 28 Dec 2015 22:46:35 +0000 (14:46 -0800)]
Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization)

Stanislav Malyshev [Mon, 28 Dec 2015 20:42:44 +0000 (12:42 -0800)]
Fixed bug #70741: Session WDDX Packet Deserialization Type Confusion Vulnerability

Julien Pauli [Tue, 22 Dec 2015 13:28:19 +0000 (14:28 +0100)]
Fixed #70728

Stanislav Malyshev [Tue, 8 Dec 2015 08:10:07 +0000 (00:10 -0800)]
Fixed bug #70755: fpm_log.c memory leak and buffer overflow

Stanislav Malyshev [Tue, 8 Dec 2015 07:30:49 +0000 (23:30 -0800)]
Fix bug #70976: fix boundary check on gdImageRotateInterpolated

Stanislav Malyshev [Sun, 6 Dec 2015 22:07:39 +0000 (14:07 -0800)]
typofix

Ferenc Kovacs [Mon, 19 Oct 2015 20:44:19 +0000 (22:44 +0200)]
Merge branch 'pr-1483' into PHP-5.5

* pr-1483:
  fixup, both caught by nikic
  use another character device in this test as /dev/console seems that it is different for lxc containers
  the de_DE(iso-8859-1) locale is not available on ubuntu by default, but there is no reason to require that over the utf-8 one
  let's try running our testsuite without sudo

Julien Pauli [Wed, 30 Sep 2015 11:18:16 +0000 (13:18 +0200)]
Fixed test

Julien Pauli [Wed, 30 Sep 2015 11:01:11 +0000 (13:01 +0200)]
5.5.31 now

Ferenc Kovacs [Tue, 29 Sep 2015 23:15:24 +0000 (01:15 +0200)]
add NEWS entries

Stanislav Malyshev [Tue, 29 Sep 2015 04:37:26 +0000 (21:37 -0700)]
Better fix for bug #70433

Stanislav Malyshev [Tue, 29 Sep 2015 03:43:18 +0000 (20:43 -0700)]
fix memory leak

Stanislav Malyshev [Tue, 29 Sep 2015 00:12:35 +0000 (17:12 -0700)]
Fix bug #70433 - Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"

Stanislav Malyshev [Mon, 28 Sep 2015 22:51:59 +0000 (15:51 -0700)]
Fix bug #69720: Null pointer dereference in phar_get_fp_offset()

Julien Pauli [Wed, 2 Sep 2015 15:55:20 +0000 (17:55 +0200)]
Merge branch 'PHP-5.4' into PHP-5.5

* PHP-5.4:
  Merge branch 'PHP-5.6'
  bump version

Conflicts:
configure.in
main/php_version.h

Merge branch 'PHP-5.6' [PHP-5.4]
Matteo Beccati [Sat, 29 Aug 2015 08:48:53 +0000 (10:48 +0200)]
Merge branch 'PHP-5.6'

* PHP-5.6:
  Added missing skipif for phar+zlib test

Julien Pauli [Wed, 2 Sep 2015 15:40:56 +0000 (17:40 +0200)]
5.5.30 next

Stanislav Malyshev [Tue, 1 Sep 2015 20:12:16 +0000 (13:12 -0700)]
bump version

Stanislav Malyshev [Tue, 1 Sep 2015 19:24:06 +0000 (12:24 -0700)]
Merge branch 'PHP-5.5' into PHP-5.5.29

* PHP-5.5:
  fix unit tests

Stanislav Malyshev [Tue, 1 Sep 2015 19:23:55 +0000 (12:23 -0700)]
Merge branch 'PHP-5.4' into PHP-5.5

* PHP-5.4:
  fix unit tests

Stanislav Malyshev [Tue, 1 Sep 2015 19:23:22 +0000 (12:23 -0700)]
fix unit tests

Stanislav Malyshev [Tue, 1 Sep 2015 19:04:04 +0000 (12:04 -0700)]
Merge branch 'PHP-5.5' into PHP-5.5.29

* PHP-5.5:
  update NEWS
  add NEWS for fixes

Stanislav Malyshev [Tue, 1 Sep 2015 19:03:48 +0000 (12:03 -0700)]
update NEWS

Stanislav Malyshev [Tue, 1 Sep 2015 19:00:30 +0000 (12:00 -0700)]
Merge branch 'PHP-5.4' into PHP-5.5

* PHP-5.4:
  add NEWS for fixes

Stanislav Malyshev [Tue, 1 Sep 2015 18:53:59 +0000 (11:53 -0700)]
add NEWS for fixes

Stanislav Malyshev [Tue, 1 Sep 2015 18:43:27 +0000 (11:43 -0700)]
Merge branch 'PHP-5.5' into PHP-5.5.29

* PHP-5.5:
  Improve fix for #70172
  Add CVE IDs assigned (post release) to PHP 5.4.43
  Add CVE IDs assigned to #69085 (PHP 5.4.39)

Conflicts:
ext/pcre/php_pcre.c

Stanislav Malyshev [Tue, 1 Sep 2015 18:42:19 +0000 (11:42 -0700)]
Merge branch 'PHP-5.4' into PHP-5.5

* PHP-5.4:
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs assigned (post release) to PHP 5.4.43
  Add CVE IDs assigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
configure.in
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
main/php_version.h

Stanislav Malyshev [Tue, 1 Sep 2015 18:40:15 +0000 (11:40 -0700)]
Merge branch 'PHP-5.4.45' into PHP-5.4

* PHP-5.4.45:
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782

Stanislav Malyshev [Tue, 1 Sep 2015 18:38:15 +0000 (11:38 -0700)]
Improve fix for #70172

Stanislav Malyshev [Tue, 1 Sep 2015 08:17:12 +0000 (01:17 -0700)]
Merge branch 'PHP-5.4.45' into PHP-5.5.29

* PHP-5.4.45:
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases

Stanislav Malyshev [Tue, 1 Sep 2015 08:16:30 +0000 (01:16 -0700)]
Fix bug #70312 - HAVAL gives wrong hashes in specific cases

Stanislav Malyshev [Tue, 1 Sep 2015 07:59:55 +0000 (00:59 -0700)]
Merge branch 'PHP-5.4.45' into PHP-5.5.29

* PHP-5.4.45:
  fix test

Stanislav Malyshev [Tue, 1 Sep 2015 07:59:31 +0000 (00:59 -0700)]
fix test

Stanislav Malyshev [Tue, 1 Sep 2015 07:28:39 +0000 (00:28 -0700)]
Merge branch 'PHP-5.4.45' into PHP-5.5.29

* PHP-5.4.45:
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)

Conflicts:
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c

Stanislav Malyshev [Tue, 1 Sep 2015 07:26:12 +0000 (00:26 -0700)]
add test

Stanislav Malyshev [Tue, 1 Sep 2015 07:20:45 +0000 (00:20 -0700)]
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList

Stanislav Malyshev [Tue, 1 Sep 2015 07:14:15 +0000 (00:14 -0700)]
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage

Stanislav Malyshev [Tue, 1 Sep 2015 04:28:11 +0000 (21:28 -0700)]
Fix bug #70172 - Use After Free Vulnerability in unserialize()

Stanislav Malyshev [Tue, 1 Sep 2015 04:06:03 +0000 (21:06 -0700)]
Fix bug #70388 - SOAP serialize_function_call() type confusion

Stanislav Malyshev [Sun, 30 Aug 2015 07:38:08 +0000 (00:38 -0700)]
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories

Stanislav Malyshev [Sun, 30 Aug 2015 06:01:36 +0000 (23:01 -0700)]
Improve fix for #70385

Stanislav Malyshev [Sat, 29 Aug 2015 05:52:50 +0000 (22:52 -0700)]
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)

Stanislav Malyshev [Sat, 29 Aug 2015 05:25:41 +0000 (22:25 -0700)]
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)

Stanislav Malyshev [Sat, 29 Aug 2015 04:50:21 +0000 (21:50 -0700)]
More fixes for bug #70219

Stanislav Malyshev [Wed, 26 Aug 2015 06:08:49 +0000 (23:08 -0700)]
Merge branch 'PHP-5.4.45' into PHP-5.5.29

* PHP-5.4.45:
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  5.4.45 next

Conflicts:
configure.in
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
main/php_version.h

Ferenc Kovacs [Mon, 24 Aug 2015 15:02:25 +0000 (17:02 +0200)]
fixup, both caught by nikic

Ferenc Kovacs [Mon, 24 Aug 2015 06:52:31 +0000 (08:52 +0200)]
use another character device in this test as /dev/console seems that it is different for lxc containers

Ferenc Kovacs [Mon, 24 Aug 2015 00:21:09 +0000 (02:21 +0200)]
the de_DE(iso-8859-1) locale is not available on ubuntu by default, but there is no reason to require that over the utf-8 one

Stanislav Malyshev [Sun, 23 Aug 2015 20:27:59 +0000 (13:27 -0700)]
Fix bug #70219 (Use after free vulnerability in session deserializer)

Ferenc Kovacs [Sun, 23 Aug 2015 20:47:51 +0000 (22:47 +0200)]
let's try running our testsuite without sudo

Stanislav Malyshev [Mon, 17 Aug 2015 00:16:15 +0000 (17:16 -0700)]
Fix for bug #69782

Lior Kaplan [Mon, 10 Aug 2015 08:19:18 +0000 (11:19 +0300)]
Add CVE IDs assigned (post release) to PHP 5.4.43

Lior Kaplan [Mon, 10 Aug 2015 08:18:33 +0000 (11:18 +0300)]
Add CVE IDs assigned to #69085 (PHP 5.4.39)

Stanislav Malyshev [Wed, 5 Aug 2015 06:59:55 +0000 (23:59 -0700)]
5.5.29 next

Stanislav Malyshev [Wed, 5 Aug 2015 06:56:15 +0000 (23:56 -0700)]
5.4.45 next

Stanislav Malyshev [Tue, 4 Aug 2015 23:45:32 +0000 (16:45 -0700)]
Merge branch 'PHP-5.4' into PHP-5.5

* PHP-5.4:
  fix test

Stanislav Malyshev [Tue, 4 Aug 2015 23:45:20 +0000 (16:45 -0700)]
fix test

Stanislav Malyshev [Tue, 4 Aug 2015 23:13:43 +0000 (16:13 -0700)]
Merge branch 'PHP-5.4' into PHP-5.5

* PHP-5.4:
  __wakeup doesn't have to be final

Stanislav Malyshev [Tue, 4 Aug 2015 23:13:26 +0000 (16:13 -0700)]
__wakeup doesn't have to be final

Stanislav Malyshev [Tue, 4 Aug 2015 22:22:59 +0000 (15:22 -0700)]
update NEWS

Stanislav Malyshev [Tue, 4 Aug 2015 21:46:30 +0000 (14:46 -0700)]
Merge branch 'PHP-5.4' into PHP-5.5

* PHP-5.4:
  fix test
  update NEWS

Stanislav Malyshev [Tue, 4 Aug 2015 21:46:19 +0000 (14:46 -0700)]
fix test

Stanislav Malyshev [Tue, 4 Aug 2015 21:37:28 +0000 (14:37 -0700)]
update NEWS

Stanislav Malyshev [Tue, 4 Aug 2015 21:10:57 +0000 (14:10 -0700)]
Merge branch 'PHP-5.4' into PHP-5.5

* PHP-5.4:
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
.gitignore
ext/date/php_date.c
ext/spl/spl_array.c
ext/spl/spl_observer.c

Stanislav Malyshev [Tue, 4 Aug 2015 21:04:24 +0000 (14:04 -0700)]
Merge branch 'PHP-5.4' into PHP-5.4.44

* PHP-5.4:
  Fixed bug #69892
  Adjust Git-Rules

Stanislav Malyshev [Tue, 4 Aug 2015 21:00:29 +0000 (14:00 -0700)]
Fix bug #70019 - limit extracted files to given directory

Stanislav Malyshev [Sun, 2 Aug 2015 07:34:09 +0000 (00:34 -0700)]
Do not do convert_to_* on unserialize, it messes up references

Stanislav Malyshev [Mon, 27 Jul 2015 08:38:27 +0000 (01:38 -0700)]
Fix #69793 - limit what we accept when unserializing exception

Stanislav Malyshev [Sun, 2 Aug 2015 04:51:08 +0000 (21:51 -0700)]
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)

Stanislav Malyshev [Sun, 2 Aug 2015 04:45:19 +0000 (21:45 -0700)]
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject