f1f39d7ed7
Fix parenthesis warning
2018-09-04 05:32:25 +02:00
7fb7869e13
Fix stack underflow in phar
...
The checks can issue reads below and above the temporary buffer. A read
itself doesn't seem dangerous, but the condition result can be
arbitrary. Such reads have to be avoided. Likely this patch should be
backported.
(cherry picked from commit b053beee7e
2018-08-30 19:33:07 +02:00
95ee9efa57
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Fix tsrm_ls
Fix #76129 - remove more potential unfiltered outputs for phar
Fix test
Fix bug #76248 - Malicious LDAP-Server Response causes Crash
Fix bug #76249 - fail on invalid sequences
Fix #76130 : Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
Fix bug #75981 : prevent reading beyond buffer start
2018-04-23 22:00:24 -07:00
5a18d7a0df
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fix tsrm_ls
Fix #76129 - remove more potential unfiltered outputs for phar
Fix test
Fix bug #76248 - Malicious LDAP-Server Response causes Crash
Fix bug #76249 - fail on invalid sequences
Fix #76130 : Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
Fix bug #75981 : prevent reading beyond buffer start
2018-04-23 21:59:57 -07:00
6e64aba47f
Fix #76129 - remove more potential unfiltered outputs for phar
2018-04-23 13:43:43 -07:00
ff83c00715
Add a bit of defensive conding for bug #76155
...
Even though it should not be ever negative, since strlen() is size_t
better to be safe than sorry.
2018-04-22 20:27:42 -07:00
4ee9098514
Fixed bug #76085 (Segmentation fault in buildFromIterator when directory name contains a \n)
2018-03-13 12:51:26 +08:00
d806d0315f
Fixed bug #65414
2018-02-08 10:32:08 +01:00
2d4fb56c1d
Allow pecl like usage in ext/phar, closes #2955
2018-01-15 14:23:46 +01:00
fbfdd1e1c4
Happy new year (Update copyright to 2018)
2018-01-02 23:42:29 +02:00
bd23bcec3e
Merge branch 'PHP-7.1' of git.php.net:/php-src into PHP-7.1
...
* 'PHP-7.1' of git.php.net:/php-src:
Update NEWS
Fixed bug #75571 : Potential infinite loop in gdImageCreateFromGifCtx
Fix bug #74782 : remove file name from output to avoid XSS
2018-01-02 13:49:58 +08:00
ccd4716ec7
year++
2018-01-02 12:53:31 +08:00
92c19f8a26
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Update NEWS
Fixed bug #75571 : Potential infinite loop in gdImageCreateFromGifCtx
Fix bug #74782 : remove file name from output to avoid XSS
2018-01-01 20:52:34 -08:00
459ab2eef4
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Update NEWS
Fixed bug #75571 : Potential infinite loop in gdImageCreateFromGifCtx
Fix bug #74782 : remove file name from output to avoid XSS
2018-01-01 20:28:01 -08:00
73ca9b3773
Fix bug #74782 : remove file name from output to avoid XSS
2018-01-01 19:51:02 -08:00
bb9ea4e88b
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Fix bug #74991 - include_path has a 4096 char (minus "__DIR__:") limit, in some PHAR cases
2017-07-26 10:47:22 +01:00
6b1fbafdf0
Fix bug #74991 - include_path has a 4096 char (minus "__DIR__:") limit, in some PHAR cases
2017-07-26 10:46:50 +01:00
b44484b912
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Update copyright year to 2017
2017-07-24 17:24:10 +01:00
924ff6164e
Update copyright year to 2017
2017-07-24 17:23:57 +01:00
d6922ef8e3
Fix Bug #74386Phar::__construct(): wrong number of parameters by reflection
2017-05-29 08:31:47 +01:00
2dee44c74c
Fix Bug #74386 Phar::__construct(): wrong number of parameters by reflection
2017-05-29 08:29:30 +01:00
64adba3b3f
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Fixed bug #51918 Phar::webPhar() does not handle requests sent through PUT and DELETE method
2017-05-02 14:46:15 +02:00
c0c0871911
Fixed bug #51918 Phar::webPhar() does not handle requests sent through PUT and DELETE method
...
phar: Support DELETE, HEAD and PUT HTTP methods in Phar::webPhar
Up to now only GET and POST requests could be handled with Phar::webPhar(),
which is insufficient for today's REST APIs.
This patch expands the list of supported HTTP methods.
2017-05-02 14:44:47 +02:00
9fe4d2d9cb
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Fix of Bug #74383 : Wrong reflection on Phar::running
2017-04-10 06:32:40 +01:00
d9a05807d2
Fix of Bug #74383 : Wrong reflection on Phar::running
2017-04-10 06:32:15 +01:00
775afd5e2d
Fix of Bug #74383 : Wrong reflection on Phar::running
2017-04-10 06:24:57 +01:00
cdc33251d2
Add OpenSSL 1.1.0 support to PHP 7.0
2017-04-07 19:21:33 +01:00
929819aaac
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
fix remaining tests for Opcache runs
2017-01-13 17:21:01 +01:00
aaaef22db6
fix remaining tests for Opcache runs
...
The fail reason here is the TMP change while both top and test
run same binary with opcache enabled.
2017-01-13 17:16:15 +01:00
e7ce861def
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Fix #70417 : PharData::compress() doesn't close temp file
2017-01-05 18:51:04 +01:00
995ecffbb2
Fix #70417 : PharData::compress() doesn't close temp file
...
According to the comment, it has not been deemed necessary to close compressed
files. However, we don't want to keep unclosed file handles to save ressources.
So we're also closing compressed archives, if they're not aliased.
2017-01-05 14:12:31 +01:00
dac6c639bb
Update copyright headers to 2017
2017-01-04 11:23:42 -06:00
478f119ab9
Update copyright headers to 2017
2017-01-04 11:14:55 -06:00
2075fb2b73
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Fix bug #73737 FPE when parsing a tag format
Fix bug #73773 - Seg fault when loading hostile phar
Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data()
Fix bug #73768 - Memory corruption when loading hostile phar
Fix int overflows in phar (bug #73764 )
2017-01-02 21:07:01 -08:00
7f0de1a138
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fix bug #73737 FPE when parsing a tag format
Fix bug #73773 - Seg fault when loading hostile phar
Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data()
Fix bug #73768 - Memory corruption when loading hostile phar
Fix int overflows in phar (bug #73764 )
2017-01-02 21:01:35 -08:00
e5246580a8
Fix bug #73773 - Seg fault when loading hostile phar
2016-12-31 18:47:50 -08:00
b28b8b2fee
Fix bug #73768 - Memory corruption when loading hostile phar
2016-12-30 15:57:24 -08:00
ca46d0acbc
Fix int overflows in phar (bug #73764 )
2016-12-30 15:39:48 -08:00
5004ae2b62
Silence warning from unhandled enum
...
(cherry picked from commit 57bbe2c140
2016-12-17 00:12:33 +01:00
2f9e928af8
fix leaking streams and memory mapped files
...
(cherry picked from commit f1ff23095b
2016-12-17 00:12:19 +01:00
587f1b2427
Silence warning from unhandled enum
...
(cherry picked from commit 57bbe2c140
2016-12-16 22:55:13 +01:00
9cdf64c225
fix leaking streams and memory mapped files
...
(cherry picked from commit f1ff23095b
2016-12-16 22:55:02 +01:00
f9a80a0a29
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Fix more size_t/int implicit conversions
2016-11-25 15:32:59 -08:00
8be94d46f8
Fix more size_t/int implicit conversions
...
Now the conversions are explicit and do checks. Not sure it's
the best way but at least we can see them now in the open.
2016-11-25 15:31:50 -08:00
bcc913fa8b
Fix int/size_t confusion in isValidPharFilename (bug #73580 )
2016-11-25 15:31:50 -08:00
7010547c4e
Fix more size_t/int implicit conversions
...
Now the conversions are explicit and do checks. Not sure it's
the best way but at least we can see them now in the open.
2016-11-25 15:30:20 -08:00
2cc3df3252
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Fix int/size_t confusion in isValidPharFilename (bug #73580 )
2016-11-25 13:43:59 -08:00
cb6bcaa61f
Fix int/size_t confusion in isValidPharFilename (bug #73580 )
2016-11-25 13:42:35 -08:00
9b41591883
Remove binary casts from PHAR's default stub
2016-11-09 03:23:15 +00:00
001fbbb94f
fix erroneous resource destruction
2016-09-14 12:07:38 +02:00
Nikita Popov