mirror of https://github.com/php/php-src.git synced 2026-04-26 17:38:14 +02:00
Commit Graph

101863 Commits

Author SHA1 Message Date
Stanislav Malyshev 469820048d Fix libmagic buffer overflow issue (CVE-2019-18218)
Ported from https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
2019-10-27 16:30:38 -07:00
Joe Watkins 52f049879a bump version 2019-10-22 18:58:39 +02:00
Joe Watkins 326cd05dae set versions for release php-7.1.33 2019-10-22 18:56:55 +02:00
Jakub Zelenka ab061f95ca Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043) 2019-10-20 22:50:04 -07:00
Joe Watkins fadd7f0f1e bump versions after release 2019-08-28 09:08:23 +02:00
Joe Watkins 481520d381 set versions for release php-7.1.32 2019-08-28 09:06:38 +02:00
Christoph M. Becker 7bf1f9d561 Fix #75457: heap-use-after-free in php7.0.25
Backport <https://vcs.pcre.org/pcre?view=revision&revision=1638>.
2019-08-25 19:19:50 -07:00
Stanislav Malyshev 1258303e66 Fix CVE-2019-13224: don't allow different encodings for onig_new_deluxe()
Backport from https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55
2019-08-24 23:11:45 -07:00
Joe Watkins 1c01a1579e set version for release php-7.1.31 2019-07-31 08:21:39 +02:00
Christoph M. Becker cd1101e8c8 Fix #77919: Potential UAF in Phar RSHUTDOWN
We have to properly clean up in case phar_flush() is failing.

We also make the expectation of the respective test case less liberal
to avoid missing such bugs in the future.
2019-07-29 13:18:27 -07:00
Stanislav Malyshev 42e8b85d94 Update NEWS 2019-07-29 13:16:53 -07:00
Stanislav Malyshev aeb6d13185 Fix bug #78256 (heap-buffer-overflow on exif_process_user_comment) 2019-07-29 00:53:37 -07:00
Stanislav Malyshev dea2989ab8 Fix bug #78222 (heap-buffer-overflow on exif_scan_thumbnail) 2019-07-29 00:53:28 -07:00
Christoph M. Becker e944ae6b2a Upgrade to SQLite 3.28.0
Over the years, multiple security vulnerabilities[1] have been found
and fixed in SQLite3, so it makes sense to update our bundled libsqlite
to the latest available version.

[1] <https://www.cvedetails.com/vulnerability-list/vendor_id-9237/Sqlite.html>
2019-07-09 09:59:46 +02:00
Joe Watkins 5533f2490a bump version after release 2019-05-28 09:52:52 +02:00
Stanislav Malyshev c34895e837 Fix bug #77967 - Bypassing open_basedir restrictions via file uris 2019-05-27 18:48:48 -07:00
Stanislav Malyshev 73ff4193be Fix bug #77988 - heap-buffer-overflow on php_jpg_get16 2019-05-27 17:28:09 -07:00
Stanislav Malyshev 16e037bd46 Update NEWS 2019-05-27 16:48:32 -07:00
Stanislav Malyshev 7cf7148a8f Fix bug #78069 - Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow 2019-05-27 16:32:42 -07:00
Christoph M. Becker ed6dee9a19 Fix #77973: Uninitialized read in gdImageCreateFromXbm
We have to ensure that `sscanf()` does indeed read a hex value here,
and bail out otherwise.
2019-05-27 16:11:32 -07:00
Stanislav Malyshev f80ad18afa Fix bug #77950 - Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG
I do not completely understand what is going on there, but I am pretty
sure dir_entry <= offset_base is not a normal situation, so we better not
rely on such dir_entry.
2019-04-30 00:05:23 -07:00
Christoph M. Becker 6c631ccfef Fix #77821: Potential heap corruption in TSendMail()
`zend_string_tolower()` returns a copy (not a duplicate) of the given
string, if it is already in lower case.  In this case we must not
`zend_string_free()` both strings.  The cleanest solution is to call
`zend_string_release()` on both strings, which properly handles the
refcount.
2019-04-29 22:08:19 -07:00
Stanislav Malyshev 588db7cecf Always use ZEND_SECURE_ZERO() when cleaning up data
Optimizing compilers have an annoying tendency to throw out
memsets over data that they think aren't used anymore. Apply secure
zero-out in cases where this has potential to happen.
2019-04-06 18:15:42 -07:00
Joe Watkins 731eeb8dec bump versions after release 2019-04-02 16:50:20 +02:00
Remi Collet dc1cd3daf2 fix paste issue 2019-04-02 11:05:09 +02:00
Christoph M. Becker 01a4de5c58 Pointer arithmetic on void pointers is illegal
We quick-fix this by casting to char*; it might be more appropriate to
use char pointers in the first place.
2019-04-02 10:39:44 +02:00
Stanislav Malyshev 887a7b5714 Fixed bug #77831 - Heap-buffer-overflow in exif_iif_add_value in EXIF 2019-04-02 00:12:26 -07:00
Stanislav Malyshev c684d32fb8 Update NEWS 2019-03-31 23:11:15 -07:00
Stanislav Malyshev f3aefc6d07 Fix bug #77753 - Heap-buffer-overflow in php_ifd_get32s 2019-03-31 23:09:06 -07:00
Nikita Popov 0ecac37c40 Validate subject encoding in mb_split and mb_ereg_match
We were already validating the subject encoding in most functions,
but not these two.
2019-03-27 23:20:27 -07:00
Nikita Popov 40fe50daf6 Validate pattern against mbregex encoding
Oniguruma does not consistently perform this validation itself (at least
on older versions), so make sure we check pattern encoding validity on the
PHP side.
2019-03-27 23:19:46 -07:00
bohwaz 58c25bf679 SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy against potential security flaws 2019-03-11 18:02:03 +01:00
Anatol Belski 66bd861fcd Sync with behavior change in OpenSSL 1.1.1b
A behavior change is revealed by some openssl_decrypt() based test,
where an encrypt API is used with a decrypt context. The EVP_Cipher*
functions will automatically choose the right operation depending on the
context passed.

(cherry picked from commit 19a44ffb7b)
2019-03-08 15:47:32 +01:00
Joe Watkins b6308f5b48 fix news 2019-03-05 20:50:07 +01:00
Joe Watkins 58c5df3d37 bump versions after release 2019-03-05 18:28:47 +01:00
Stanislav Malyshev e3133e4db7 Fix bug #77630 - safer rename() procedure
In order to rename safer, we do the following:
- set umask to 077 (unfortunately, not TS, so excluding ZTS)
- chown() first, to set proper group before allowing group access
- chmod() after, even if chown() fails
2019-03-04 09:15:11 -08:00
Stanislav Malyshev e0f5d62bd6 Fix bug #77586 - phar_tar_writeheaders_int() buffer overflow 2019-03-03 23:05:32 -08:00
Stanislav Malyshev 759e841b24 Update NEWS 2019-03-03 20:10:12 -08:00
Stanislav Malyshev 44f87fbf36 Fix test error message 2019-03-03 19:30:14 -08:00
Stanislav Malyshev 8ac6fee856 Fix bug #77563 - Uninitialized read in exif_process_IFD_in_MAKERNOTE
Also fix for bug #77659
2019-03-03 18:35:43 -08:00
Stanislav Malyshev 5f0e62a3e5 Fix bug #77540 - Invalid Read on exif_process_SOFn 2019-03-03 18:35:26 -08:00
Stanislav Malyshev 5e824a88d0 Fix integer overflows on 32-bits 2019-03-03 18:35:04 -08:00
Christoph M. Becker 254a5914ad Fix #77431 SplFileInfo::__construct() accepts NUL bytes
`SplFileInfo::__construct()` has to expect a path instead of a string,
analogous to `SplFileObject::__construct()`.
2019-03-03 18:23:46 -08:00
Stanislav Malyshev 7f0ab7c20c Fix bug #77396 - Null Pointer Dereference in phar_create_or_parse_filename 2019-03-03 18:22:32 -08:00
Derick Rethans 65d81833bb Use pkg-config for ICU, as the old icu-config has been deprecated 2019-02-07 14:00:39 +01:00
Sara Golemon fabade1573 Bump for 7.1.27 2019-01-08 14:17:43 -05:00
Stanislav Malyshev 27625f063e Still leaking for some reason, XFAIL for now, I'll look into it later. 2019-01-07 01:03:04 -08:00
Stanislav Malyshev 1afebfb3fa Merge branch 'PHP-5.6' into PHP-7.1
* PHP-5.6:
  Fix bug #77418 - Heap overflow in utf32be_mbc_to_code
  [ci skip] Add NEWS
  Fix more issues with encoding length
  Fix #77270: imagecolormatch Out Of Bounds Write on Heap
  Fix bug #77380  (Global out of bounds read in xmlrpc base64 code)
  Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
  Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
  Fix #77269: Potential unsigned underflow in gdImageScale
  Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
  Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
  Regenerate certs for openssl tests
2019-01-06 23:33:34 -08:00
Stanislav Malyshev 9d6c59eeea Fix bug #77418 - Heap overflow in utf32be_mbc_to_code 2019-01-06 23:31:15 -08:00
Stanislav Malyshev 08bb0ce4e4 Add NEWS 2019-01-06 13:08:24 -08:00