]> granicus.if.org Git - php/log
php
9 years agoBetter fix for #68601 for perf
Remi Collet [Wed, 17 Dec 2014 09:59:36 +0000 (10:59 +0100)]
Better fix for #68601 for perf
https://bitbucket.org/libgd/gd-libgd/commits/81e9a993f2893d651d225646378e3fd1b7465467

9 years agoFix bug #68601 buffer read overflow in gd_gif_in.c
Remi Collet [Sat, 13 Dec 2014 08:03:44 +0000 (09:03 +0100)]
Fix bug #68601 buffer read overflow in gd_gif_in.c

9 years agoRevert "Merge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP...
Stanislav Malyshev [Thu, 2 Apr 2015 06:43:33 +0000 (23:43 -0700)]
Revert "Merge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP-5.4"

This reverts commit fe0ca2745f00940a27bfc8e87db534541a19af70, reversing
changes made to 968fbc6acf0bc27be17c0209be7f966e89a55943.

9 years agoFixed bug #69293
Dmitry Stogov [Fri, 27 Mar 2015 15:40:58 +0000 (18:40 +0300)]
Fixed bug #69293

9 years agoMerge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP-5.4
Xinchen Hui [Wed, 25 Mar 2015 05:05:08 +0000 (13:05 +0800)]
Merge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP-5.4

9 years agoBacport fix bug #68741 - Null pointer dereference
Stanislav Malyshev [Mon, 23 Mar 2015 01:20:59 +0000 (18:20 -0700)]
Bacport fix bug #68741 - Null pointer dereference

9 years agoCheck that the type is correct
Stanislav Malyshev [Mon, 23 Mar 2015 01:17:47 +0000 (18:17 -0700)]
Check that the type is correct

9 years agoadd CVEs
Stanislav Malyshev [Fri, 20 Mar 2015 05:53:29 +0000 (22:53 -0700)]
add CVEs

9 years agoFixed bug #69152
Dmitry Stogov [Thu, 19 Mar 2015 08:36:01 +0000 (11:36 +0300)]
Fixed bug #69152

9 years ago5.4.40 next
Stanislav Malyshev [Wed, 18 Mar 2015 05:37:16 +0000 (22:37 -0700)]
5.4.40 next

9 years agoFix bug #69253 - ZIP Integer Overflow leads to writing past heap boundary
Stanislav Malyshev [Wed, 18 Mar 2015 04:59:56 +0000 (21:59 -0700)]
Fix bug #69253 - ZIP Integer Overflow leads to writing past heap boundary

9 years agoFix bug #69248 - heap overflow vulnerability in regcomp.c
Stanislav Malyshev [Wed, 18 Mar 2015 00:04:57 +0000 (17:04 -0700)]
Fix bug #69248 - heap overflow vulnerability in regcomp.c

Merged from https://github.com/garyhouston/regex/commit/70bc2965604b6b8aaf260049e64c708dddf85334

9 years agoadd test for bug #68976
Stanislav Malyshev [Wed, 18 Mar 2015 00:03:46 +0000 (17:03 -0700)]
add test for bug #68976

9 years agoFixed bug #68976 - Use After Free Vulnerability in unserialize()
Stanislav Malyshev [Tue, 17 Mar 2015 20:20:22 +0000 (13:20 -0700)]
Fixed bug #68976 - Use After Free Vulnerability in unserialize()

9 years agoFixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options)
Stanislav Malyshev [Tue, 17 Mar 2015 20:04:36 +0000 (13:04 -0700)]
Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options)

9 years agofix tests
Stanislav Malyshev [Fri, 6 Feb 2015 05:54:47 +0000 (21:54 -0800)]
fix tests

9 years agoFix bug #69207 - move_uploaded_file allows nulls in path
Stanislav Malyshev [Tue, 17 Mar 2015 19:47:58 +0000 (12:47 -0700)]
Fix bug #69207 - move_uploaded_file allows nulls in path

9 years agoMerge branch 'arginfo' of https://github.com/realityking/php-src into PHP-5.4
Xinchen Hui [Sun, 8 Mar 2015 14:53:19 +0000 (22:53 +0800)]
Merge branch 'arginfo' of https://github.com/realityking/php-src into PHP-5.4

9 years agoAdded type checks
Dmitry Stogov [Tue, 3 Mar 2015 07:43:48 +0000 (10:43 +0300)]
Added type checks

9 years agoAdded type checks
Dmitry Stogov [Tue, 3 Mar 2015 06:44:46 +0000 (09:44 +0300)]
Added type checks

9 years agoCheck variable type before its usage as IS_ARRAY.
Dmitry Stogov [Mon, 2 Mar 2015 09:27:36 +0000 (12:27 +0300)]
Check variable type before its usage as IS_ARRAY.

9 years agoFixed a bug that header value is not terminated by '\0' when accessed through getenv().
George Wang [Wed, 25 Feb 2015 15:48:19 +0000 (10:48 -0500)]
Fixed a bug that header value is not terminated by '\0' when accessed through getenv().

9 years agofix typo in bug#
Ferenc Kovacs [Wed, 18 Feb 2015 18:47:07 +0000 (19:47 +0100)]
fix typo in bug#

9 years agoadd CVE
Remi Collet [Wed, 18 Feb 2015 05:44:41 +0000 (06:44 +0100)]
add CVE

9 years ago5.4.39 next
Stanislav Malyshev [Tue, 17 Feb 2015 06:34:00 +0000 (07:34 +0100)]
5.4.39 next

9 years agoPort for for bug #68552
Stanislav Malyshev [Mon, 16 Feb 2015 05:50:10 +0000 (06:50 +0100)]
Port for for bug #68552

9 years agoFix bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone)
Stanislav Malyshev [Sun, 1 Feb 2015 06:40:08 +0000 (22:40 -0800)]
Fix bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone)

Conflicts:
ext/date/php_date.c

9 years ago- BFN
Felipe Pena [Tue, 17 Feb 2015 03:14:05 +0000 (01:14 -0200)]
- BFN

9 years ago- Fixed bug #67827 (broken detection of system crypt sha256/sha512 support)
Felipe Pena [Tue, 17 Feb 2015 02:23:47 +0000 (00:23 -0200)]
- Fixed bug #67827 (broken detection of system crypt sha256/sha512 support)

9 years ago- Fixed bug #67427 (SoapServer cannot handle large messages) patch by: brandt at...
Felipe Pena [Mon, 16 Feb 2015 15:07:26 +0000 (13:07 -0200)]
- Fixed bug #67427 (SoapServer cannot handle large messages) patch by: brandt at docoloc dot de

9 years agoUpdate NEWS
Yasuo Ohgaki [Fri, 13 Feb 2015 20:34:57 +0000 (05:34 +0900)]
Update NEWS

9 years agoAdd NULL byte protection to exec, system and passthru
Yasuo Ohgaki [Fri, 13 Feb 2015 20:25:04 +0000 (05:25 +0900)]
Add NULL byte protection to exec, system and passthru

9 years agoFixed #68790 (Missing return)
George Wang [Sat, 7 Feb 2015 17:16:54 +0000 (12:16 -0500)]
Fixed #68790 (Missing return)

9 years agoUpdate header handling to RFC 7230
Stanislav Malyshev [Wed, 4 Feb 2015 09:11:00 +0000 (01:11 -0800)]
Update header handling to RFC 7230

9 years agofix sizeof size
Stanislav Malyshev [Sun, 1 Feb 2015 20:40:38 +0000 (12:40 -0800)]
fix sizeof size

9 years agofix TSRM
Stanislav Malyshev [Sun, 1 Feb 2015 07:34:14 +0000 (23:34 -0800)]
fix TSRM

9 years agoUse better constant since MAXHOSTNAMELEN may mean shorter name
Stanislav Malyshev [Sun, 1 Feb 2015 05:46:56 +0000 (21:46 -0800)]
Use better constant since MAXHOSTNAMELEN may mean shorter name

9 years agouse right sizeof for memset
Stanislav Malyshev [Sun, 1 Feb 2015 05:30:58 +0000 (21:30 -0800)]
use right sizeof for memset

9 years agoAdd mitigation for CVE-2015-0235 (bug #68925)
Stanislav Malyshev [Sun, 1 Feb 2015 02:59:18 +0000 (18:59 -0800)]
Add mitigation for CVE-2015-0235 (bug #68925)

9 years agofix some factual errors in the process
Ferenc Kovacs [Thu, 22 Jan 2015 20:27:38 +0000 (21:27 +0100)]
fix some factual errors in the process

9 years agoformat
Stanislav Malyshev [Tue, 20 Jan 2015 19:57:17 +0000 (11:57 -0800)]
format

9 years agoadd CVE
Stanislav Malyshev [Tue, 20 Jan 2015 19:54:45 +0000 (11:54 -0800)]
add CVE

9 years agoadd protection against nulls
Stanislav Malyshev [Tue, 20 Jan 2015 19:46:10 +0000 (11:46 -0800)]
add protection against nulls

9 years ago5.4.38 next
Stanislav Malyshev [Tue, 20 Jan 2015 18:38:33 +0000 (10:38 -0800)]
5.4.38 next

9 years agoMerge branch 'bug68710' into PHP-5.4
Stanislav Malyshev [Tue, 20 Jan 2015 09:00:52 +0000 (01:00 -0800)]
Merge branch 'bug68710' into PHP-5.4

* bug68710:
  Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize())

9 years agoMerge branch 'bug68799' into PHP-5.4
Stanislav Malyshev [Tue, 20 Jan 2015 08:57:55 +0000 (00:57 -0800)]
Merge branch 'bug68799' into PHP-5.4

* bug68799:
  Fix bug #68799: Free called on unitialized pointer

9 years agoUpdate NEWS
Daniel Lowrey [Wed, 14 Jan 2015 17:03:27 +0000 (18:03 +0100)]
Update NEWS

9 years agoFixed bug #55618 (use case-insensitive cert name matching)
Daniel Lowrey [Wed, 14 Jan 2015 17:02:50 +0000 (18:02 +0100)]
Fixed bug #55618 (use case-insensitive cert name matching)

9 years agoFix bug #68799: Free called on unitialized pointer
Stanislav Malyshev [Sun, 11 Jan 2015 08:51:05 +0000 (00:51 -0800)]
Fix bug #68799: Free called on unitialized pointer

10 years agoupdated libmagic.patch in 5.4
Anatol Belski [Sun, 4 Jan 2015 16:04:13 +0000 (17:04 +0100)]
updated libmagic.patch in 5.4

10 years agoFixed bug #68735 fileinfo out-of-bounds memory access
Anatol Belski [Sun, 4 Jan 2015 13:20:21 +0000 (14:20 +0100)]
Fixed bug #68735 fileinfo out-of-bounds memory access

10 years agoremoved dead code
Remi Collet [Sun, 4 Jan 2015 08:40:19 +0000 (09:40 +0100)]
removed dead code

10 years agoFix for bug #68710 (Use After Free Vulnerability in PHP's unserialize())
Stanislav Malyshev [Fri, 2 Jan 2015 00:19:05 +0000 (16:19 -0800)]
Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize())

10 years agoFIx bug #68618 (out of bounds read crashes php-cgi)
Stanislav Malyshev [Tue, 30 Dec 2014 09:23:05 +0000 (01:23 -0800)]
FIx bug #68618 (out of bounds read crashes php-cgi)

10 years agoadd missing NEWS entry
Ferenc Kovacs [Wed, 17 Dec 2014 01:10:36 +0000 (02:10 +0100)]
add missing NEWS entry

10 years ago5.4.37
Stanislav Malyshev [Tue, 16 Dec 2014 19:44:41 +0000 (11:44 -0800)]
5.4.37

10 years agoadd CVE
Stanislav Malyshev [Tue, 16 Dec 2014 18:16:31 +0000 (10:16 -0800)]
add CVE

10 years agoadd missing test file
Stanislav Malyshev [Fri, 12 Dec 2014 04:52:08 +0000 (20:52 -0800)]
add missing test file

10 years agoFix bug #68594 - Use after free vulnerability in unserialize()
Stanislav Malyshev [Fri, 12 Dec 2014 03:28:32 +0000 (19:28 -0800)]
Fix bug #68594 - Use after free vulnerability in unserialize()

10 years agoFix undefined behaviour in strnatcmp
Andrea Faulds [Sat, 13 Dec 2014 22:06:27 +0000 (22:06 +0000)]
Fix undefined behaviour in strnatcmp

10 years agoupdate NEWS
Stanislav Malyshev [Thu, 11 Dec 2014 18:41:17 +0000 (10:41 -0800)]
update NEWS

10 years agomove the test to the right place
Anatol Belski [Wed, 10 Dec 2014 12:19:51 +0000 (13:19 +0100)]
move the test to the right place

10 years agoFixed bug #68545 NULL pointer dereference in unserialize.c
Anatol Belski [Wed, 10 Dec 2014 10:43:33 +0000 (11:43 +0100)]
Fixed bug #68545 NULL pointer dereference in unserialize.c

10 years agoFixed possible read after end of buffer and use after free.
Dmitry Stogov [Mon, 8 Dec 2014 09:18:27 +0000 (12:18 +0300)]
Fixed possible read after end of buffer and use after free.

10 years agoRevert unintentional docblock change
Chris Christoff [Fri, 5 Dec 2014 20:59:46 +0000 (15:59 -0500)]
Revert unintentional docblock change

Revert unintentional docblock change

It looks like commit dd8e59da8f5aafd9d77a0f1f17e5e272d09f643f
introduced an unintended docbloc change. I have reverted this
change in this commit.

10 years agomake sure that we don't truncate the stack trace and cause false test failures when...
Ferenc Kovacs [Tue, 2 Dec 2014 18:17:58 +0000 (19:17 +0100)]
make sure that we don't truncate the stack trace and cause false test failures when the test is executed in a directory with long path

10 years agoupdate news
Stanislav Malyshev [Mon, 1 Dec 2014 05:12:03 +0000 (21:12 -0800)]
update news

10 years agoApply error-code-salt fix to Windows too
Leigh [Tue, 7 Oct 2014 12:12:38 +0000 (13:12 +0100)]
Apply error-code-salt fix to Windows too

Conflicts:
ext/standard/crypt.c

10 years agoBug fixes in light of failing bcrypt tests
Leigh [Tue, 7 Oct 2014 11:27:57 +0000 (12:27 +0100)]
Bug fixes in light of failing bcrypt tests

Conflicts:
ext/standard/crypt.c

10 years agoAdd tests from 1.3. Add missing tests.
Leigh [Tue, 7 Oct 2014 10:50:36 +0000 (11:50 +0100)]
Add tests from 1.3. Add missing tests.

3 of the missing tests fail. // TODO

10 years agoUpgrade crypt_blowfish to version 1.3
Leigh [Tue, 7 Oct 2014 10:23:24 +0000 (11:23 +0100)]
Upgrade crypt_blowfish to version 1.3

10 years agoupdate for LiteSpeed
Stanislav Malyshev [Mon, 24 Nov 2014 02:05:26 +0000 (18:05 -0800)]
update for LiteSpeed

10 years agoRevert "made lsapi_main.c compatible with PHP7/phpng ."
Stanislav Malyshev [Sat, 22 Nov 2014 08:38:04 +0000 (00:38 -0800)]
Revert "made lsapi_main.c compatible with PHP7/phpng ."

This reverts commit 9fb816f45ad9baa46b91514e70f755eb88539e85.
Not a security-related fix.

10 years agomade lsapi_main.c compatible with PHP7/phpng .
George Wang [Thu, 20 Nov 2014 21:49:01 +0000 (16:49 -0500)]
made lsapi_main.c compatible with PHP7/phpng .

10 years ago5.4.36-dev
Stanislav Malyshev [Wed, 12 Nov 2014 00:31:38 +0000 (16:31 -0800)]
5.4.36-dev

10 years agoFixed bug #66584 Segmentation fault on statement deallocation
Matteo Beccati [Sat, 1 Nov 2014 18:11:43 +0000 (19:11 +0100)]
Fixed bug #66584 Segmentation fault on statement deallocation

10 years agoupdate NEWS
Ferenc Kovacs [Tue, 11 Nov 2014 23:18:13 +0000 (00:18 +0100)]
update NEWS

10 years agoPartial fix for bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash...
Dmitry Stogov [Fri, 7 Nov 2014 06:46:49 +0000 (09:46 +0300)]
Partial fix for bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy)

10 years agoupdate NEWS
Stanislav Malyshev [Mon, 3 Nov 2014 19:43:15 +0000 (11:43 -0800)]
update NEWS

10 years agoFix bug #63595 GMP memory management conflicts with other libraries using GMP
Remi Collet [Mon, 27 Oct 2014 06:45:34 +0000 (07:45 +0100)]
Fix bug #63595 GMP memory management conflicts with other libraries using GMP

Drop use of php memory allocators as this raise various conflicts
with other extensions and libraries which use libgmp.

No other solution found.
We cannot for ensure correct use of allocator with shared lib.

Some memory can allocated before php init
Some memory can be freed after php shutdown

Known broken run cases
- php + curl + gnutls + gmp
- mod_gnutls + mod_php + gnutls + gmp
- php + freetds + gnutls + gmp
- php + odbc + freetds + gnutls + gmp
- php + php-mapi (zarafa) + gnutls + gmp

10 years agoInitialize the offset table - PCRE may sometimes miss offsets
Stanislav Malyshev [Mon, 3 Nov 2014 00:04:00 +0000 (16:04 -0800)]
Initialize the offset table - PCRE may sometimes miss offsets

10 years agoset default response code to 200
George Wang [Mon, 3 Nov 2014 16:42:01 +0000 (11:42 -0500)]
set default response code to 200

10 years agofix NEWS & version
Stanislav Malyshev [Wed, 22 Oct 2014 20:16:29 +0000 (13:16 -0700)]
fix NEWS & version

10 years agoNEWS
Remi Collet [Wed, 22 Oct 2014 13:39:49 +0000 (15:39 +0200)]
NEWS

10 years agoFix bug #68283: fileinfo: out-of-bounds read in elf note headers
Remi Collet [Wed, 22 Oct 2014 13:37:04 +0000 (15:37 +0200)]
Fix bug #68283: fileinfo: out-of-bounds read in elf note headers

Upstream commit
https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0

CVE -2014-3710

10 years agoFix bug #68113 (Heap corruption in exif_thumbnail())
Stanislav Malyshev [Sun, 28 Sep 2014 23:57:42 +0000 (16:57 -0700)]
Fix bug #68113 (Heap corruption in exif_thumbnail())

10 years agoFix bug #68089 - do not accept options with embedded \0
Stanislav Malyshev [Mon, 29 Sep 2014 00:53:49 +0000 (17:53 -0700)]
Fix bug #68089 - do not accept options with embedded \0

Conflicts:
ext/curl/interface.c

10 years agoFixed bug #68044: Integer overflow in unserialize() (32-bits only)
Stanislav Malyshev [Sun, 28 Sep 2014 21:19:31 +0000 (14:19 -0700)]
Fixed bug #68044: Integer overflow in unserialize() (32-bits only)

10 years agoFix bug #68027 - fix date parsing in XMLRPC lib
Stanislav Malyshev [Mon, 29 Sep 2014 00:33:44 +0000 (17:33 -0700)]
Fix bug #68027 - fix date parsing in XMLRPC lib

10 years agoupdate NEWS
Ard Biesheuvel [Fri, 10 Oct 2014 09:40:07 +0000 (11:40 +0200)]
update NEWS

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
10 years agoFixed a bug that causes crash when environment variable is access while parsing php.ini
George Wang [Fri, 3 Oct 2014 20:41:32 +0000 (16:41 -0400)]
Fixed a bug that causes crash when environment variable is access while parsing php.ini

10 years agoAdd hash to EXTENSIONS file
Sara Golemon [Fri, 3 Oct 2014 01:54:46 +0000 (18:54 -0700)]
Add hash to EXTENSIONS file

10 years agoSet an LDAP error code when failing ldap_bind due to null bytes
Matthew Daley [Sun, 28 Sep 2014 04:49:35 +0000 (17:49 +1300)]
Set an LDAP error code when failing ldap_bind due to null bytes

Some applications check a LDAP link's error code after seeing ldap_bind
fail due to a null byte bind attempt and hence incorrectly receive the
last set error code.

Fix by setting an LDAP error code before returning in this case.

10 years agoThis test should pass
Johannes Schlüter [Sat, 27 Sep 2014 00:17:26 +0000 (02:17 +0200)]
This test should pass

10 years ago- Updated to version 2014.8 (2014h)
Derick Rethans [Fri, 26 Sep 2014 15:26:59 +0000 (16:26 +0100)]
- Updated to version 2014.8 (2014h)

10 years agoupdate NEWS
Stanislav Malyshev [Fri, 26 Sep 2014 07:55:49 +0000 (00:55 -0700)]
update NEWS

10 years agoRevert xp_ssl.c to the state of 5.4.32 due to regressions
Stanislav Malyshev [Fri, 26 Sep 2014 07:44:24 +0000 (00:44 -0700)]
Revert xp_ssl.c to the state of 5.4.32 due to regressions

10 years agoFixed bug #66242 (don't assume char is signed)
Ard Biesheuvel [Sat, 20 Sep 2014 23:32:31 +0000 (16:32 -0700)]
Fixed bug #66242 (don't assume char is signed)

This fixes a bug in libmagic where a cast to 'char' is assumed to result
in sign extension to occur. However, unqualified 'char' is unsigned on
architectures such as ARM, so the cast needs to be to 'signed char'
explicitly.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
10 years agoFixed freetype test on multiple environments
Matteo Beccati [Tue, 16 Sep 2014 08:17:25 +0000 (10:17 +0200)]
Fixed freetype test on multiple environments

Some environments, apparently regardless to the freetype version, output 155, while others 156. I guess we can accept both ;)

This reverts commit 592df890276604c790d02be26b1b3c3710b3b888.

10 years agoFix NEWS
Remi Collet [Mon, 15 Sep 2014 06:23:25 +0000 (08:23 +0200)]
Fix NEWS
- #65641 mod_proxy-fcgi is not fixed (still open)
- #67606 mod_fastcgi is fixed in ee275e34c8b303945945c650d4bc90dcc2ac0b17