Nikita Popov
8660e95b4c
Fixed bug #74041
2017-02-03 17:54:39 +01:00
Nikita Popov
9cc34c4e3e
Merge branch 'PHP-7.0' into PHP-7.1
2017-01-10 00:09:02 +01:00
Nikita Popov
69058f35f8
Un-XFAIL serialization test
2017-01-10 00:07:38 +01:00
Joe Watkins
ff4e330eae
Merge branch 'pull-request/1905'
...
* pull-request/1905:
pack()/unpack() for Big Endian float/double and Little Endian float/double
2017-01-03 10:50:19 +00:00
Joe Watkins
e42a01bcd5
Merge branch 'pull-request/1905'
...
* pull-request/1905:
pack()/unpack() for Big Endian float/double and Little Endian float/double
2017-01-03 10:49:53 +00:00
Anatol Belski
9c7540d357
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
improve skipif
2016-12-01 13:33:42 +01:00
Anatol Belski
043d8e2fe1
improve skipif
2016-12-01 13:32:10 +01:00
Nikita Popov
9c1c8be7a2
Merge branch 'PHP-7.0' into PHP-7.1
2016-10-08 01:10:37 +02:00
Nikita Popov
159de7723e
Merge branch 'PHP-5.6' into PHP-7.0
2016-10-08 01:06:02 +02:00
Nikita Popov
bc3a0b82b8
Revert "Fixed test"
...
This reverts commit a10d03ac16.
2016-10-08 00:43:36 +02:00
Stanislav Malyshev
56e19b7c75
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fixed test
Added validation to parse_url() to prohibit restricted characters inside login/pass components based on RFC3986
Apparently negative wordwrap is a thing and should work as length = 0.
2016-10-04 21:56:28 -07:00
Ilia Alshanetsky
a10d03ac16
Fixed test
2016-10-04 21:20:38 -07:00
Nikita Popov
4c0804c07d
Ensure symtable exists before checking it
2016-09-28 19:20:17 +02:00
Xinchen Hui
6617e87700
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Fixed skip
2016-09-21 17:20:35 +08:00
Xinchen Hui
56e3ec93a9
Fixed skip
2016-09-21 17:20:02 +08:00
Remi Collet
3c117d4136
fix test (32bits)
2016-09-15 15:32:39 +02:00
Stanislav Malyshev
dad0e9d1a3
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0: (22 commits)
Fix bug #72293 - Heap overflow in mysqlnd related to BIT fields
I don't think 8cceb012a7 is needed
Fix test
Add check in fgetcsv in case sizeof(unit) != sizeof(size_t)
Fix bug #73065: Out-Of-Bounds Read in php_wddx_push_element of wddx.c
Fix bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile)
Fix bug #73052 - Memory Corruption in During Deserialized-object Destruction
Fix bug #73029 - Missing type check when unserializing SplArray
Fix bug #72860: wddx_deserialize use-after-free
Fix bug #73007: add locale length check
Fix bug #72928 - Out of bound when verify signature of zip phar in phar_parse_zipfile
sync NEWS
Revert "Merge branch 'PHP-5.6' into PHP-7.0"
Merge branch 'PHP-5.6' into PHP-7.0
Merge branch 'PHP-5.6' into PHP-7.0
Revert "Revert "Merge branch 'PHP-5.6' into PHP-7.0""
fix version
sync NEWS
Fix bug #72957
set versions
...
2016-09-12 21:10:34 -07:00
Stanislav Malyshev
07c6bdb85d
Merge branch 'PHP-7.0.11' into PHP-7.0
...
* PHP-7.0.11: (22 commits)
Fix bug #72293 - Heap overflow in mysqlnd related to BIT fields
I don't think 8cceb012a7 is needed
Fix test
Add check in fgetcsv in case sizeof(unit) != sizeof(size_t)
Fix bug #73065: Out-Of-Bounds Read in php_wddx_push_element of wddx.c
Fix bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile)
Fix bug #73052 - Memory Corruption in During Deserialized-object Destruction
Fix bug #73029 - Missing type check when unserializing SplArray
Fix bug #72860: wddx_deserialize use-after-free
Fix bug #73007: add locale length check
Fix bug #72928 - Out of bound when verify signature of zip phar in phar_parse_zipfile
sync NEWS
Revert "Merge branch 'PHP-5.6' into PHP-7.0"
Merge branch 'PHP-5.6' into PHP-7.0
Merge branch 'PHP-5.6' into PHP-7.0
Revert "Revert "Merge branch 'PHP-5.6' into PHP-7.0""
fix version
sync NEWS
Fix bug #72957
set versions
...
2016-09-12 21:09:30 -07:00
Anatol Belski
65bf5e88c7
Revert "Merge branch 'PHP-5.6' into PHP-7.0"
...
This reverts commit 946335ba70, reversing
changes made to 3437dbfa00.
2016-09-11 12:59:43 +02:00
Anatol Belski
435048935e
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Bug #73058 crypt broken when salt is 'too' long
2016-09-10 02:49:30 +02:00
Anatol Belski
e539ea439b
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Bug #73058 crypt broken when salt is 'too' long
2016-09-10 02:44:21 +02:00
Anatol Belski
669fda00b7
Bug #73058 crypt broken when salt is 'too' long
2016-09-10 02:39:28 +02:00
Christoph M. Becker
727b422ad9
Fix #72948: Uncatchable "Catchable" fatal error for class to string conversions
...
E_RECOVERABLE errors are reported as "Catchable fatal error". This is
misleading, because they actually can't be caught via try-catch statements.
Therefore we change the wording to "Recoverable fatal error" as suggested by
Nikita.
2016-09-03 13:05:37 +02:00
Anatol Belski
22a825db85
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Fixed bug #72703 Out of bounds global memory read in BF_crypt triggered by password_verify
2016-08-29 20:34:44 +02:00
Anatol Belski
946335ba70
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fixed bug #72703 Out of bounds global memory read in BF_crypt triggered by password_verify
2016-08-29 20:32:55 +02:00
Anatol Belski
295303b590
Fixed bug #72703 Out of bounds global memory read in BF_crypt triggered by password_verify
2016-08-29 20:25:34 +02:00
Anatol Belski
526e6bf818
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
fix tests
2016-08-17 12:41:38 +02:00
Anatol Belski
05c8a0771d
fix tests
...
The 70436 test is just a bonus for the hardening in 72633.
2016-08-17 12:39:35 +02:00
Xinchen Hui
ce6ad9bdd9
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0: (48 commits)
Update NEWS
Unused label
Fixed bug #72853 (stream_set_blocking doesn't work)
fix test
Bug #72663 - part 3
Bug #72663 - part 2
Bug #72663 - part 1
Update NEWS
Block test with memory leak
fix tests
Fix TSRM build
Fix bug #72850 - integer overflow in uuencode
Fixed bug #72849 - integer overflow in urlencode
Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
Fix for bug #72807 - do not produce strings with negative length
Fix for bug #72790 and bug #72799
Fix bug #72730 - imagegammacorrect allows arbitrary write access
...
Conflicts:
ext/standard/var_unserializer.c
2016-08-17 17:14:30 +08:00
Stanislav Malyshev
0d13325b66
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6: (24 commits)
Update NEWS
Block test with memory leak
fix tests
Fix TSRM build
Fix bug #72850 - integer overflow in uuencode
Fixed bug #72849 - integer overflow in urlencode
Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
Fix for bug #72807 - do not produce strings with negative length
Fix for bug #72790 and bug #72799
Fix bug #72730 - imagegammacorrect allows arbitrary write access
Fix bug #72697 - select_colors write out-of-bounds
Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF
Fix bug #72750: wddx_deserialize null dereference
Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack
Improve fix for #72663
Fix bug #70436: Use After Free Vulnerability in unserialize()
Fix bug #72749: wddx_deserialize allows illegal memory access
...
Conflicts:
Zend/zend_API.h
ext/bz2/bz2.c
ext/curl/interface.c
ext/ereg/ereg.c
ext/exif/exif.c
ext/gd/gd.c
ext/gd/tests/imagetruecolortopalette_error3.phpt
ext/gd/tests/imagetruecolortopalette_error4.phpt
ext/session/session.c
ext/snmp/snmp.c
ext/standard/base64.c
ext/standard/ftp_fopen_wrapper.c
ext/standard/quot_print.c
ext/standard/url.c
ext/standard/uuencode.c
ext/standard/var.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/wddx/tests/bug72790.phpt
ext/wddx/tests/bug72799.phpt
ext/wddx/wddx.c
sapi/cli/generate_mime_type_map.php
2016-08-17 00:43:33 -07:00
Stanislav Malyshev
4bf5c3187f
Block test with memory leak
2016-08-16 22:55:44 -07:00
Stanislav Malyshev
639f7fde6a
Improve fix for #72663
2016-08-16 22:55:20 -07:00
Stanislav Malyshev
95d09e4b5e
Fix bug #70436: Use After Free Vulnerability in unserialize()
2016-08-16 22:55:20 -07:00
Stanislav Malyshev
448c9be157
Fix bug #72663 - destroy broken object when unserializing
2016-08-16 22:54:42 -07:00
Christoph M. Becker
f0c77ee7f8
Merge branch 'PHP-7.0' into PHP-7.1
2016-08-13 12:06:11 +02:00
Christoph M. Becker
a93c62aafa
Merge branch 'PHP-5.6' into PHP-7.0
2016-08-13 11:47:20 +02:00
Christoph M. Becker
ae3b2078ea
Fix #72823: strtr out-of-bound access
...
If php_strtr_array_prepare_repls() reports pattern_len == 0, we return
early to avoid OOB accesses, and because there is nothing to replace anyway.
2016-08-13 11:40:33 +02:00
Nikita Popov
e52c1f3ca9
Merge branch 'PHP-7.0' into PHP-7.1
2016-08-07 18:50:27 +02:00
Lauri Kenttä
e616bc8694
Fix bug #55451
...
Make substr_compare ignore the length if it's NULL. This allows using
the last parameter (case_insensitivity) with the default length.
2016-08-07 18:48:36 +02:00
Lauri Kenttä
3104759915
base64_decode: fix bug #72264 ('VV= =' shouldn't fail in strict mode)
2016-07-07 01:27:23 +02:00
Lauri Kenttä
c1ac081bf1
base64_decode: fix bug #72263 (skips char after padding)
2016-07-07 01:27:23 +02:00
Lauri Kenttä
b9c9be13cc
base64_decode: fix bug #72152 (fail on NUL bytes in strict mode)
...
This added check is actually for NOT failing in NON-strict mode.
The ch == -2 check later causes the desired failure in strict mode.
2016-07-07 01:27:23 +02:00
Nikita Popov
441d44c2eb
Merge branch 'PHP-7.0'
2016-07-05 16:57:32 +02:00
Lauri Kenttä
3380acbdd4
base64_decode: fix bug #72264 ('VV= =' shouldn't fail in strict mode)
2016-07-05 16:51:36 +02:00
Lauri Kenttä
6d17ee744f
base64_decode: fix bug #72263 (skips char after padding)
2016-07-05 16:51:36 +02:00
Lauri Kenttä
260c07db85
base64_decode: fix bug #72152 (fail on NUL bytes in strict mode)
...
This added check is actually for NOT failing in NON-strict mode.
The ch == -2 check later causes the desired failure in strict mode.
2016-07-05 16:51:36 +02:00
Anatol Belski
bdd127528e
Merge branch 'PHP-7.0'
...
* PHP-7.0:
fix two remaining tests
2016-06-21 17:25:12 +02:00
Anatol Belski
ed10168b30
fix two remaining tests
2016-06-21 17:24:08 +02:00
Stanislav Malyshev
3e0397c25c
Merge branch 'PHP-7.0'
...
* PHP-7.0:
Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455: Heap Overflow due to integer overflows
Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed #72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275: don't allow smart_str to overflow int
Fix bug #72340: Double Free Corruption in wddx_deserialize
Fix bug #72321 - use efree() for emalloc allocation
5.6.23RC1
fix NEWS
set versions
2016-06-21 00:27:01 -07:00
Stanislav Malyshev
2a65544f78
Merge branch 'PHP-5.6.23' into PHP-7.0.8
...
* PHP-5.6.23: (24 commits)
Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455: Heap Overflow due to integer overflows
Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed #72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275: don't allow smart_str to overflow int
Fix bug #72340: Double Free Corruption in wddx_deserialize
update NEWS
Fix #66387: Stack overflow with imagefilltoborder
Fix bug #72321 - use efree() for emalloc allocation
5.6.23RC1
Fix bug #72140 (segfault after calling ERR_free_strings())
...
Conflicts:
configure.in
ext/mbstring/php_mbregex.c
ext/mcrypt/mcrypt.c
ext/spl/spl_array.c
ext/spl/spl_directory.c
ext/standard/php_smart_str.h
ext/standard/string.c
ext/standard/url.c
ext/wddx/wddx.c
ext/zip/php_zip.c
main/php_version.h
2016-06-21 00:24:32 -07:00