mirror of https://github.com/php/php-src.git synced 2026-04-22 07:28:09 +02:00
Commit Graph

42163 Commits

Author SHA1 Message Date
Stanislav Malyshev dde7a05978 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Fix bug #75981: prevent reading beyond buffer start
2018-02-26 22:26:26 -08:00
Stanislav Malyshev 523f230c83 Fix bug #75981: prevent reading beyond buffer start 2018-02-26 22:25:51 -08:00
Stanislav Malyshev 459ab2eef4 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Update NEWS
  Fixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtx
  Fix bug #74782: remove file name from output to avoid XSS
2018-01-01 20:28:01 -08:00
Christoph M. Becker 8d6e958867 Fixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtx
Due to a signedness confusion in `GetCode_` a corrupt GIF file can
trigger an infinite loop.  Furthermore we make sure that a GIF without
any palette entries is treated as invalid *after* open palette entries
have been removed.
2018-01-01 19:51:26 -08:00
Stanislav Malyshev 73ca9b3773 Fix bug #74782: remove file name from output to avoid XSS 2018-01-01 19:51:02 -08:00
Dmitry Stogov da61c7a2a4 Fixed bug #75579 (Interned strings buffer overflow may cause crash)
(cherry picked from commit 37bf8bdc14)
2017-12-22 18:22:08 +01:00
Lior Kaplan 32e3d7b99e Define floorf if system doesn't have it (follow up for 22c48761)
floorf is checked in config.m4
2017-11-29 16:46:47 +01:00
Remi Collet 8e5b9532da Fixed bug #64938 libxml_disable_entity_loader setting is shared between requests (FPM) 2017-11-28 17:58:28 +01:00
Scott 269d160159 Fix bug #75409 2017-11-22 04:26:54 +00:00
Nester 8fdef981ef Fixed #75539 and #74183 - preg_last_error not returning error code after error 2017-11-21 20:10:18 +01:00
Remi Collet 702ef27364 Better fix bug #75540 Segfault with libzip 1.3.1
- only 1.3.1 is affected
- fix use after free
2017-11-20 09:42:20 +01:00
Remi Collet de47d4792f fix bug #75540 Segfault with libzip 1.3.1 2017-11-20 08:49:46 +01:00
Nikita Popov 0e097f2c96 Fixed bug #75535
The sizeof()s for Content-Length and Transfer-Encoding were missing
the trailing ":". Apart from being generally wrong, this no longer
verified that the header actually contains a colon, leading to the
null http_header_value being used.

Additionally, in the interest of being defensive, also make sure
that http_header_value is non-null by setting it to the end of
the header line (effectively an empty string) if there is no colon.
If the following conditions are correct, this value is not going
to be used though.
2017-11-17 23:18:05 +01:00
Derick Rethans ca0bcf535c Fixed ext/date tests due to changes in Olson database 2017-11-07 11:25:28 +00:00
Nikita Popov d88ef8d7e1 Fix ext/soap/tests/bug69137.phpt
Switch to example.org. Also mark it as an online test.
2017-11-02 20:56:03 +01:00
Anatol Belski dbfa0140ae Sync and fix tests for ICU 60.1 compat 2017-11-02 12:37:04 +01:00
Anatol Belski 68c500421c Add missing ICU version check 2017-10-30 18:15:26 +01:00
Jakub Zelenka fc169d2133 Prevent leaking x509 and csr resources if it is not requested
All functions using php_openssl_x509_from_zval or php_openssl_csr_from_zval
with makeresource equal to 0 do not deref the resource which means there
is a leak till the end of the request. This can cause issues for long
running apps. It is a generic solution for bug #75363 which also covers
other functions.
2017-10-30 16:40:56 +00:00
Jakub Zelenka d8ccffa79a Extend and speed up pkey export tests 2017-10-30 16:40:56 +00:00
Jakub Zelenka e78e839e53 Rewrite openssl_csr_get_subject test to improve coverage 2017-10-30 16:40:56 +00:00
Jakub Zelenka 528aa540b4 Add openssl_csr_get_public_key test 2017-10-30 16:40:56 +00:00
Jakub Zelenka 548798818b Extend openssl_pkcs7_* tests to cover resource cert 2017-10-30 16:40:56 +00:00
Jakub Zelenka 55d92413b9 Fix cleaning tmp output file in openssl_csr_export_to_file test 2017-10-30 16:40:56 +00:00
Jelle van der Waa 5812f7a8d3 openssl: add basic openssl_csr_export_to_file tests
Add a basic test for openssl_csr_export_to_file.
2017-10-30 16:40:56 +00:00
Jakub Zelenka 628a52d365 Extend openssl_csr_sign test to cover cert resource 2017-10-30 16:40:56 +00:00
Jakub Zelenka 80191eebec Set different invalid path in openssl_pkcs12_export so it is more unlikely to exist 2017-10-30 16:40:55 +00:00
Jakub Zelenka cd66aad141 Extend openssl_x509_parse to cover cert resource 2017-10-30 16:40:55 +00:00
Jakub Zelenka c1d98588a2 Rename and test resource cert in openssl_x509_checkpurpose test 2017-10-30 16:40:55 +00:00
Jakub Zelenka d23d4fd61b Extend openssl_x509_check_private_key to test resource cert 2017-10-30 16:40:55 +00:00
Jakub Zelenka be0758b75a Extend openssl_x509_fingerprint test to cover resource cert with sha1 2017-10-30 16:40:55 +00:00
Fabien Villepinte a308000ff2 Fix bug #75464 Wrong reflection on SoapClient::__setSoapHeaders 2017-10-30 14:13:05 +00:00
Fabien Villepinte e6aea3dc78 Fix bug #75453 Incorrect reflection on ibase_connect and ibase_pconnect 2017-10-30 06:55:00 +00:00
Fabien Villepinte 938f256ed9 Fix bug #75434 Wrong reflection for mysqli_fetch_all function 2017-10-28 12:57:25 +02:00
Fabien Villepinte 51ea2cfbe1 Fix bug #75307 Wrong reflection for openssl_open function 2017-10-27 16:06:01 +01:00
Anatol Belski 15a71fe045 Skip test on PostgreSQL 10
The 42P18 error is not produced by the server anymore.
2017-10-27 16:19:42 +02:00
Anatol Belski 24b1bb0abd Fix test compat for PostgreSQL 10 2017-10-27 14:58:43 +02:00
Anatol Belski 10dc1950f7 Apply upstream patch for CVE-2017-14107 2017-10-27 13:20:15 +02:00
Anatol Belski f6e8ce8121 Backport and apply upstream patch for CVE-2017-14107 2017-10-27 13:16:56 +02:00
Fabien Villepinte 578ba71b3b Fix typo in comments 2017-10-25 20:59:40 +01:00
Fabien Villepinte e763a1cdc7 Fix the SKIPIF part in /ext/gd/tests/bug75437.phpt 2017-10-25 14:39:38 +02:00
Fabien Villepinte 0fbb9f343f Fix bug #75437 Wrong reflection on imagewebp 2017-10-25 12:54:05 +02:00
Anatol Belski e19bf29b53 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Parametrize the expected value to avoid platform false positives
2017-10-24 18:36:56 +02:00
Anatol Belski 45ac5edbd9 Parametrize the expected value to avoid platform false positives 2017-10-24 18:33:21 +02:00
Sara Golemon 68e27b0763 Decref default_link when clearing 2017-10-24 11:37:59 -04:00
Christoph M. Becker 22c487616f Fixed bug #65148 (imagerotate may alter image dimensions)
We apply the respective patches from external libgd, work around the
still missing `gdImageClone()`, and fix the special cased rotation
routines according to Pierre's patch
(https://gist.github.com/pierrejoye/59d72385ed1888cf8894a7ed437235ae).

We also cater to bug73272.phpt whose result obviously changes a bit.
2017-10-24 17:02:56 +02:00
Derick Rethans 8e3260376c Update timezonemap.h, which needs to match the bundled TZ db 2017-10-24 14:55:13 +01:00
Anatol Belski 968c8fc0d5 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Fixed bug #72535 arcfour encryption stream filter crashes php
2017-10-24 14:04:08 +02:00
Anatol Belski 37acebcc8c Fixed bug #72535 arcfour encryption stream filter crashes php 2017-10-24 13:59:18 +02:00
Anatol Belski 5efbcd1882 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Fixed bug #75055 Out-Of-Bounds Read in timelib_meridian()
  Apply upstream patch for CVE-2016-1283
2017-10-24 13:38:48 +02:00
Anatol Belski a7815e63bd Fixed bug #75055 Out-Of-Bounds Read in timelib_meridian() 2017-10-24 11:28:17 +02:00