mirror of https://github.com/php/php-src.git synced 2026-04-30 03:33:17 +02:00

135193 Commits

Author SHA1 Message Date
Ilija Tovilo 3f1e1ee467 Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  [skip ci] Don't test mysqli with libmysqlclient 8.4
2024-11-20 14:19:18 +01:00
Ilija Tovilo aa40d3abcc Merge branch 'PHP-8.1' into PHP-8.2
* PHP-8.1:
  [skip ci] Don't test mysqli with libmysqlclient 8.4
2024-11-20 14:19:10 +01:00
Ilija Tovilo e23ac8341a [skip ci] Don't test mysqli with libmysqlclient 8.4
There are compile errors with 8.4 that we are no longer fixing.
2024-11-20 14:19:02 +01:00
Christoph M. Becker 9a0c35120f Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Make MySQLnd protocol stmt test work on 32bit
2024-11-20 13:53:35 +01:00
Christoph M. Becker dedb0f8877 Merge branch 'PHP-8.1' into PHP-8.2
* PHP-8.1:
  Make MySQLnd protocol stmt test work on 32bit
2024-11-20 13:53:16 +01:00
Jakub Zelenka c70b97d8eb Make MySQLnd protocol stmt test work on 32bit
Closes GH-16869.
2024-11-20 13:52:53 +01:00
Ilija Tovilo 378307cc4e Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  [skip ci] Backport GA root workflow changes
2024-11-20 13:42:36 +01:00
Ilija Tovilo f8c37dc971 Merge branch 'PHP-8.1' into PHP-8.2
* PHP-8.1:
  [skip ci] Backport GA root workflow changes
2024-11-20 13:42:28 +01:00
Ilija Tovilo 9acf0a4009 [skip ci] Backport GA root workflow changes 2024-11-20 13:41:39 +01:00
Jakub Zelenka ffff27f734 Merge branch 'PHP-8.2' into PHP-8.3 2024-11-20 11:12:19 +01:00
Jakub Zelenka 78c201a310 Update NEWS with security fixes info 2024-11-20 11:09:13 +01:00
Niels Dossche f18d429b20 Fix GHSA-4w77-75f9-2c8w 2024-11-20 11:07:28 +01:00
Niels Dossche f3ade203d7 Fix GHSA-r977-prxv-hc43
Move the bound check upwards. Since this doesn't generate output we can
check the bound first.
2024-11-20 11:07:04 +01:00
Jakub Zelenka d37a20c4a2 Fix MySQLnd possible buffer over read in auth_protocol 2024-11-20 11:06:53 +01:00
Jakub Zelenka a21e48a93a Make MySQLnd protocol stmt test work on 32bit 2024-11-20 11:06:43 +01:00
Jakub Zelenka c595455300 Fix GHSA-h35g-vwh6-m678: Mysqlnd - various heap buffer over-reads
This fixes issues causing buffer over-read that leak heap content:
- RESP packet field default left over for COM_LIST
- RESP packet upsert filename
- OK packet message
- RESP packet for stmt row data
  - ps_fetch_from_1_to_8_bytes
  - ps_fetch_float
  - ps_fetch_double
  - ps_fetch_time
  - ps_fetch_date
  - ps_fetch_datetime
  - ps_fetch_string
  - ps_fetch_bit
- RESP packet for query row data (just possible overflow on 32bit)

It also adds various protocol tests using a new fake server.
2024-11-20 11:06:26 +01:00
Niels Dossche fba659abb9 Fix GHSA-g665-fm4p-vhff: OOB access in ldap_escape 2024-11-20 11:06:12 +01:00
Jakub Zelenka d7fe40868e Fix GHSA-c5f2-jwm7-mmq2: stream HTTP fulluri CRLF injection 2024-11-20 11:06:02 +01:00
Niels Dossche 7a25e7728d Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the firebird quoter causing OOB writes 2024-11-20 11:05:55 +01:00
Niels Dossche 4a79a5a59a Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the dblib quoter causing OOB writes 2024-11-20 11:05:48 +01:00
Dmitry Stogov d1a9281814 Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Use the immutable twin of temporary op_array (#16861)
2024-11-19 20:55:32 +03:00
Dmitry Stogov ef5844a1ca Use the immutable twin of temporary op_array (#16861) 2024-11-19 20:55:15 +03:00
Patrick Allaert 65bd3dbd2c Merge branch 'PHP-8.2' into PHP-8.3 2024-11-19 16:12:02 +01:00
Patrick Allaert 27a9965b97 Merge branch 'PHP-8.1' into PHP-8.2 2024-11-19 16:11:41 +01:00
Dmitry Stogov c6c3d9fa5a Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Backport JIT fix: set valid EX(opline) before calling gc_possible_root() (#16858)
2024-11-19 18:04:15 +03:00
Dmitry Stogov 6167c64782 Backport JIT fix: set valid EX(opline) before calling gc_possible_root() (#16858) 2024-11-19 18:03:54 +03:00
Niels Dossche 6a632a2d60 Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fix GH-16630: UAF in lexer with encoding translation and heredocs
2024-11-18 19:59:01 +01:00
Niels Dossche fc1db70f10 Fix GH-16630: UAF in lexer with encoding translation and heredocs
zend_save_lexical_state() can be nested multiple times, for example for
the parser initialization and then in the heredoc lexing. The input
should not be freed if we restore to the same filtered string.

Closes GH-16716.
2024-11-18 19:58:02 +01:00
Jakub Zelenka a001ad33f0 Update NEWS with security fixes info 2024-11-18 16:56:00 +01:00
Jakub Zelenka 32f905f1d6 Fix MySQLnd possible buffer over read in auth_protocol 2024-11-18 16:55:44 +01:00
Jakub Zelenka 1b6c3f7172 Merge branch 'PHP-8.2' into PHP-8.3 2024-11-18 16:48:50 +01:00
Jakub Zelenka cae2582416 Run labeler only in php/php-src repository
Closes GH-16844
2024-11-18 16:43:15 +01:00
Dmitry Stogov 5198bcc561 Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fixed test
2024-11-18 15:35:09 +03:00
Dmitry Stogov 71403558d3 Fixed test 2024-11-18 15:34:55 +03:00
Dmitry Stogov 5575703fb3 Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fix GH-16829: Segmentation fault with opcache.jit=tracing enabled on aarch64
2024-11-18 14:34:42 +03:00
Dmitry Stogov 79aaeeafe5 Fix GH-16829: Segmentation fault with opcache.jit=tracing enabled on aarch64 2024-11-18 14:27:08 +03:00
Niels Dossche 7dd336ae83 Fix GHSA-4w77-75f9-2c8w 2024-11-18 11:06:01 +01:00
Niels Dossche 81030c9bbb Fix GHSA-r977-prxv-hc43
Move the bound check upwards. Since this doesn't generate output we can
check the bound first.
2024-11-17 19:30:44 +01:00
Jakub Zelenka 2f5aa9f9d1 Fix GHSA-h35g-vwh6-m678: Mysqlnd - various heap buffer over-reads
This fixes issues causing buffer over-read that leak heap content:
- RESP packet field default left over for COM_LIST
- RESP packet upsert filename
- OK packet message
- RESP packet for stmt row data
  - ps_fetch_from_1_to_8_bytes
  - ps_fetch_float
  - ps_fetch_double
  - ps_fetch_time
  - ps_fetch_date
  - ps_fetch_datetime
  - ps_fetch_string
  - ps_fetch_bit
- RESP packet for query row data (just possible overflow on 32bit)

It also adds various protocol tests using a new fake server.
2024-11-17 19:30:13 +01:00
Niels Dossche f9ecf90070 Fix GHSA-g665-fm4p-vhff: OOB access in ldap_escape 2024-11-17 19:29:56 +01:00
Jakub Zelenka 426a6d4539 Fix GHSA-c5f2-jwm7-mmq2: stream HTTP fulluri CRLF injection 2024-11-17 19:29:45 +01:00
Niels Dossche 69c5f68fdc Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the firebird quoter causing OOB writes 2024-11-17 19:29:26 +01:00
Niels Dossche d9baa9fed8 Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the dblib quoter causing OOB writes 2024-11-17 19:29:16 +01:00
David Carlier 3fd0e4c461 Merge branch 'PHP-8.2' into PHP-8.3 2024-11-17 12:27:26 +00:00
David Carlier 80894d87d5 Fix GH-16834: cal_from_jd overflow on julian_day argument.
close GH-16836
2024-11-17 12:27:02 +00:00
Niels Dossche 18b18f0ee0 Fix GH-16777: Calling the constructor again on a DOM object after it is in a document causes UAF
Closes GH-16824.
2024-11-16 13:42:01 +01:00
Niels Dossche 2ba18590bf Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fix GH-16808: Segmentation fault in RecursiveIteratorIterator->current() with a xml element input
2024-11-16 13:41:29 +01:00
Niels Dossche fbb0061993 Fix GH-16808: Segmentation fault in RecursiveIteratorIterator->current() with a xml element input
When the current data is invalid, NULL must be returned. At least that's
how the check in SPL works and how other extensions do this as well.
If we don't do this, an UNDEF value gets propagated to a return value
(misprinted as null); leading to issues.

Closes GH-16825.
2024-11-16 13:39:46 +01:00
Niels Dossche 179ca2bf2a Fix GH-16802: open_basedir bypass using curl extension
And fix a memleak while here.

Closes GH-16804.
2024-11-15 21:17:36 +01:00
Niels Dossche ed59c00661 Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fix GH-16799: Assertion failure at Zend/zend_vm_execute.h:7469
2024-11-15 20:03:19 +01:00