276bead9c4
Add NEWS entry for bug #67730
...
Included in 5.4.32 with commit 706aefb
2014-08-20 00:54:19 +03:00
359bc0ee2f
Add CVE ID for bug #67539
2014-08-20 00:51:37 +03:00
cbe1597b74
Switch use of strtok() to gd_strtok_r()
...
strtok() is not thread safe, so this will potentially break in
very bad ways if used in ZTS mode.
I'm not sure why gd_strtok_r() exists since it seems to do the
same thing as strtok_r(), but I'll assume it's a portability
decision and do as the Romans do.
2014-08-19 13:16:44 -07:00
5a7039035c
Merge tag 'PHP-5.4.32' into PHP-5.4
...
5.4.32
* tag 'PHP-5.4.32':
5.4.32
fix potentially missing NUL termination
Fix bug #67730 - Null byte injection possible with imagexxx functions
Fixed bug #67717 - segfault in dns_get_record
Fix bug #67716 - Segfault in cdf.c
5.4.32 RC1
Conflicts:
configure.in
main/php_version.h
2014-08-19 01:33:45 -07:00
eb2360602e
5.4.32
2014-08-19 00:40:27 -07:00
88c48a4b95
NEWS
2014-08-19 08:40:18 +02:00
2fefae4771
Fixed Sec Bug #67717 segfault in dns_get_record CVE-2014-3597
...
Incomplete fix for CVE-2014-4049
Check possible buffer overflow
- pass real buffer end to dn_expand calls
- check buffer len before each read
2014-08-19 08:33:49 +02:00
2b10db8e10
fix potentially missing NUL termination
2014-08-18 23:04:24 -07:00
706aefb781
Fix bug #67730 - Null byte injection possible with imagexxx functions
2014-08-18 22:49:10 -07:00
529da0f74c
Fixed bug #67717 - segfault in dns_get_record
2014-08-18 22:37:25 -07:00
1504f7d630
Correct typo in comments: 'initialized'
2014-08-17 21:32:53 +03:00
3f42f2f5d1
typofixes
2014-08-17 15:44:02 +03:00
0407bdf252
Add NEWS
2014-08-15 23:08:29 +00:00
7bfe9bf951
Merge branch 'pull-request/772' into PHP-5.4
...
* pull-request/772:
Fix failing tests
Patch for bug #67839 (mysqli does not handle 4-byte floats correctly)
Before the patch, a value of 9.99 in a FLOAT column came out of mysqli
as 9.9998998641968. This is because it would naively cast a 4-byte float
into PHP's internal 8-byte double.
To fix this, with GCC we use the built-in decimal support to "up-convert"
the 4-byte float to a 8-byte double.
When that is not available, we fall back to converting the float
to a string and then converting the string to a double. This mimics
what MySQL does.
2014-08-15 23:06:55 +00:00
7ba1409a1a
Fix bug #67716 - Segfault in cdf.c
2014-08-14 17:44:19 -07:00
35f32637b0
Fix bug #67716 - Segfault in cdf.c
2014-08-14 17:21:20 -07:00
eab42649ab
fix test
2014-08-14 17:07:28 -07:00
b7cd099ae0
split the glob() test to test different basedir
2014-08-14 17:04:51 -07:00
ad492ca932
fixed glob() edge case on windows, ref bug #47358
2014-08-14 16:58:16 -07:00
481c4715d4
- fix bug #47358 , glob returns error, should be empty array()
...
Conflicts:
ext/standard/dir.c
2014-08-14 16:56:22 -07:00
4e2c01617f
Fix failing tests
2014-08-14 18:20:26 +00:00
c044164a96
Patch for bug #67839 (mysqli does not handle 4-byte floats correctly)
...
Before the patch, a value of 9.99 in a FLOAT column came out of mysqli
as 9.9998998641968. This is because it would naively cast a 4-byte float
into PHP's internal 8-byte double.
To fix this, with GCC we use the built-in decimal support to "up-convert"
the 4-byte float to a 8-byte double.
When that is not available, we fall back to converting the float
to a string and then converting the string to a double. This mimics
what MySQL does.
2014-08-14 18:19:56 +00:00
aeb633543b
Merge branch 'PHP-5.3' into PHP-5.4
2014-08-14 17:13:44 +02:00
7311087cf0
Update Git rules
2014-08-14 17:08:02 +02:00
1355ea60cc
Back to -dev (with EOL notice in NEWS)
2014-08-14 17:05:20 +02:00
babeca356b
It's 2014 already, fix copyright year where user visible
...
Left out all file headers
2014-08-13 21:22:50 +02:00
1847cf10c1
PHP 5.3.29
2014-08-13 18:36:10 +02:00
f6896e4395
Fixed #66091
2014-08-13 20:12:42 +08:00
8c247af1fc
updated NEWS
2014-08-12 11:50:26 +02:00
daa1fb8ba6
backported the fix for bug #41577
2014-08-12 11:49:46 +02:00
39dd715382
fix the failing date tests introduced with the latest timezonedb update
...
Derick confirmed on irc that the new/current behavior is the correct and that the tests should be updated to reflect it
2014-08-12 10:34:54 +02:00
84a4041ba4
fix TS build
2014-08-07 19:49:59 +02:00
1ff30fd88c
Update NEWS
2014-08-07 12:37:50 -04:00
6569db8808
Bug #41631 : Observe socket read timeouts in SSL streams
2014-08-07 11:47:42 -04:00
7189039d65
wrap int8_t and int16_t with #ifdef to avoid possible clashes
2014-08-07 15:20:17 +02:00
7df4087b98
- Updated to version 2014.6 (2014f)
2014-08-07 10:22:09 +01:00
d72b943262
Add EXPECTF
2014-08-06 15:27:29 +03:00
9444bc7997
Merge branch 'PHP-5.4' of git.php.net:php-src into PHP-5.4
2014-08-06 14:52:55 +03:00
547451796c
Fix handling of multi-result sets with PS...used to clean not only
...
the result set but the whole PS.
2014-08-06 14:52:12 +03:00
65cf73c931
5.4.33-dev now
2014-08-05 21:24:55 -07:00
fd28010e20
5.4.32 RC1
2014-08-05 21:03:35 -07:00
e4ff7f2ee3
Fixed Bug #67724
...
(chained zlib filters silently fail with large amounts of data)
Use the same buffer size zlib uses internally to avoid
Z_DATA_ERROR on massively compressed data
2014-08-05 15:44:43 +02:00
f59506cd27
typo
2014-08-04 11:08:30 +02:00
d3b5ed0787
NEWS
2014-08-04 10:46:53 +02:00
cf4753691d
Fixed Bug #66901 php-gd 'c_color' NULL pointer dereference
...
Upstream https://bitbucket.org/libgd/gd-libgd/commits/463c3bd09bfe8e924e19acad7a2a6af16953a704
Notice: this fix don't manage monochrome/monovisual values
but just fix the security issue CVE-2014-2497
failing when trying to load such an image
2014-08-04 10:42:39 +02:00
ae74549239
backport the fix for bug #67739
2014-08-04 09:57:08 +02:00
61ec9b5b0f
add test
2014-08-04 00:08:08 -07:00
eeaec70758
Fix bug #67705 (extensive backtracking in rule regular expression)
2014-08-04 00:05:40 -07:00
990ecc12fc
PHP 5.3.29RC1
2014-07-31 15:40:51 +02:00
0fe07a0e74
Fix missing type checks in various functions
2014-07-31 15:36:24 +02:00
Lior Kaplan