php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-22 07:28:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
83,637 Commits 549 Branches 1,485 Tags
7f529e3dee032d5977166c3eb7b70f57edc8e562
Commit Graph

4171 Commits

Author SHA1 Message Date
Ferenc Kovacs e715dafae0 5.6.30 will be next 2016-11-24 01:54:23 +01:00
Ferenc Kovacs 9b3a1e00ab 5.6.29 will be next 2016-10-27 23:10:59 +02:00
Sara Golemon 43ccf23d70 Clear FG(user_stream_current_filename) when bailing out 
If a userwrapper opener E_ERRORs then FG(user_stream_current_filename)
would remain set until the next request and would not be pointing
at unallocated memory.

Catch the bailout, clear the variable, then continue bailing.

Closes https://bugs.php.net/bug.php?id=73188
 2016-10-11 21:55:01 -07:00
Stanislav Malyshev 689a9b8def Merge branch 'PHP-5.6.27' into PHP-5.6 
* PHP-5.6.27:
  Fix tests
  fix tsrm
  Fix bug #73284 - heap overflow in php_ereg_replace function
  Fix bug #73276 - crash in openssl_random_pseudo_bytes function
  Fix bug #73293 - NULL pointer dereference in SimpleXMLElement::asXML()
  fix bug #73275 - crash in openssl_encrypt function
  Fix for #73240 - Write out of bounds at number_format
  Bug #73218: add mitigation for ICU int overflow
  Add more locale length checks, due to ICU bugs.
  Fix bug #73208 - another missing length check
  Fix bug #73190: memcpy negative parameter _bc_new_num_ex
  Fix bug #73189 - Memcpy negative size parameter php_resolve_path
  Fixed bug #73174 - heap overflow in php_pcre_replace_impl
  Fix bug #73150: missing NULL check in dom_document_save_html
  Fix bug #73147: Use After Free in PHP7 unserialize()
  Fix bug #73082
  Fix bug #73073 - CachingIterator null dereference when convert to string
 2016-10-11 16:26:35 -07:00
Stanislav Malyshev 40e7baab3c Fix bug #73190: memcpy negative parameter _bc_new_num_ex 2016-10-03 00:09:02 -07:00
Stanislav Malyshev da7e89cde8 Fix bug #73189 - Memcpy negative size parameter php_resolve_path 2016-09-28 23:30:48 -07:00
Ferenc Kovacs 703c247c7d 5.6.28 is next 2016-09-29 00:55:36 +02:00
Anatol Belski 075aa911ff Revert "Fixed bug #73037 SoapServer reports Bad Request when gzipped" 
This reverts commit f9a699f6c3.
 2016-09-23 18:45:03 +02:00
Anatol Belski f9a699f6c3 Fixed bug #73037 SoapServer reports Bad Request when gzipped 
(cherry picked from commit 410c68788a)
 2016-09-23 18:06:12 +02:00
Xinchen Hui ac07008bb7 Fixed bug #72505 (readfile() mangles files larger than 2G) 2016-09-16 20:53:51 +08:00
Ferenc Kovacs fbb81dd755 5.6.27 will be next 2016-09-01 20:27:19 +02:00
Xinchen Hui abe00908af Fixed bug #72853 (stream_set_blocking doesn't work) 
Implemented  PHP_STREAM_OPTION_META_DATA_API for plain_wrappers
 2016-08-17 16:54:21 +08:00
Ferenc Kovacs 562c17eb4e 5.6.26 will be next 2016-08-04 01:39:37 +02:00
Pierrick Charron 074b86d845 Fixed bug #72686 (zlib: url support is broken). 
zlib: support is broken since a really long time.
It never worked on versions >= PHP5.6 so we can just remove
this dead code.

Bug was introduced 2006-05-14 (Before 5.2.0)
 2016-07-27 00:33:13 -04:00
Stanislav Malyshev 4d0565b5ba Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  fix #72519, possible OOB using imagegif
  fix #72512, invalid read or write for palette image when invalid transparent index is used
  Apparently some envs miss SIZE_MAX
  Fix tests
  Fix bug #72618: NULL Pointer Dereference in exif_process_user_comment
  Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t
  Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c
  Fix for bug #72558, Integer overflow error within _gdContributionsAlloc()
  Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE
  Fix bug #72562 - destroy var_hash properly
  Fix bug #72533 (locale_accept_from_http out-of-bounds access)
  Fix fir bug #72520
  Fix for bug #72513
  CS fix and comments with bug ID
  Fix for HTTP_PROXY issue.
  add tests for bug #72512
  Fixed bug #72512 gdImageTrueColorToPaletteBody allows arbitrary write/read access
  Fixed bug #72479 - same as #72434

Conflicts:
	ext/bz2/bz2.c
	main/SAPI.c
	main/php_variables.c
 2016-07-19 00:53:08 -07:00
Stanislav Malyshev aca4f65c7e CS fix and comments with bug ID 2016-07-12 21:35:02 -07:00
Stanislav Malyshev 98b9dfaec9 Fix for HTTP_PROXY issue. 
The following changes are made:
- _SERVER/_ENV only has HTTP_PROXY if the local environment has it,
  and only one from the environment.
- getenv('HTTP_PROXY') only returns one from the local environment
- getenv has optional second parameter, telling it to only consider
  local environment
 2016-07-10 16:21:11 -07:00
Ferenc Kovacs c1280db28a 5.6.25 is next 2016-07-07 00:09:48 +02:00
Julien Pauli 155619184f 5.5.38 now 2016-06-21 13:10:37 +02:00
Remi Collet 1b4570b79f Fix bug #71936 (Segmentation fault destroying HTTP_RAW_POST_DATA) 2016-06-20 18:43:07 +02:00
Xinchen Hui c4c1993af6 Fixed bug #72439 (Stream socket with remote address leads to a segmentation fault) 2016-06-18 21:29:47 -07:00
Ferenc Kovacs c26097c2f1 5.6.24 will be next 2016-06-09 10:51:02 +02:00
Julien Pauli 0c84740450 5.5.37 now 2016-05-25 11:37:58 +02:00
Ferenc Kovacs 0815f7f755 prepare for 5.6.22RC1 2016-05-11 23:30:04 +02:00
Julien Pauli f856734c67 5.5.36 now 2016-04-26 22:34:00 +02:00
Stanislav Malyshev d650063a04 Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition 
We can not modify result since it can be copy of _zero_ or _one_, etc. and
"copy" in bcmath is just bumping the refcount.
 2016-04-24 18:33:32 -07:00
Ferenc Kovacs 6497d40521 prepare for 5.6.21RC1 2016-04-18 08:14:16 +02:00
Julien Pauli f0120ff878 5.5.35 now 2016-03-29 18:11:03 +02:00
Stanislav Malyshev f8dd10508b Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut 2016-03-28 23:15:16 -07:00
Stanislav Malyshev 95433e8e33 Fix bug #71798 - Integer Overflow in php_raw_url_encode 2016-03-27 14:22:19 -07:00
Ferenc Kovacs 14f4848fb0 prepare for 5.6.20RC1 2016-03-17 01:46:00 +01:00
Julien Pauli 914d33c40e Going for 5.5.34 2016-03-02 11:02:42 +01:00
Stanislav Malyshev 54df59b729 Fix version 2016-03-01 22:47:27 -08:00
Stanislav Malyshev ae3f132be1 Merge branch 'PHP-5.6.19' into PHP-5.6 
* PHP-5.6.19:
  update NEWS
  Fix bug #71498: Out-of-Bound Read in phar_parse_zipfile()
  fix ts buld
  prep for 5.6.19RC1
  Fixed bug #71587 - Use-After-Free / Double-Free in WDDX Deserialize
 2016-03-01 22:42:16 -08:00
Stanislav Malyshev 153a44d6bb Update NEWS 2016-03-01 22:37:23 -08:00
Anatol Belski 632fc51d98 Bug #71596 Segmentation fault on ZTS with date function (setlocale) 2016-02-18 19:13:07 +01:00
Ferenc Kovacs c3eeb8092a prep for 5.6.19RC1 2016-02-18 01:26:18 +01:00
Ferenc Kovacs 4762ed4d27 5.6.20 is next 2016-02-18 00:31:18 +01:00
Julien Pauli 7d875fb9df Going for 5.5.33 now 2016-02-02 10:42:49 +01:00
Stanislav Malyshev 41be90d95b Merge branch 'PHP-5.6.18' into PHP-5.6 
* PHP-5.6.18:
  fix tests
  fix NEWS
  Update NEWS
  update NEWS
  Fixed bug #71488: Stack overflow when decompressing tar archives
  update NEWS
  add missing headers for SIZE_MAX
  backport the escapeshell* functions hardening branch
  add tests
  Fix bug #71459 - Integer overflow in iptcembed()
  prepare 5.6.18RC1
  Fixed bug #71323 - Output of stream_get_meta_data can be falsified by its input
  Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()
  Fixed bug #71331 - Uninitialized pointer in phar_make_dirstream()
  Fix bug #71335: Type Confusion in WDDX Packet Deserialization
  Fix bug #71354 - remove UMR when size is 0

Conflicts:
	configure.in
	main/php_version.h
 2016-02-01 19:16:34 -08:00
Stanislav Malyshev 309ead112f Merge branch 'PHP-5.5.32' into PHP-5.6.18 
* PHP-5.5.32:
  Fixed bug #71488: Stack overflow when decompressing tar archives
  update NEWS
  add missing headers for SIZE_MAX
  backport the escapeshell* functions hardening branch
  add tests
  Fix bug #71459 - Integer overflow in iptcembed()
  Fixed bug #71323 - Output of stream_get_meta_data can be falsified by its input
  Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()
  Fix bug #71335: Type Confusion in WDDX Packet Deserialization
  Fix bug #71354 - remove UMR when size is 0
 2016-02-01 18:32:31 -08:00
Ferenc Kovacs b2d5666d94 prepare 5.6.18RC1 2016-01-21 02:24:05 +01:00
Ferenc Kovacs a4fc2e1eb2 5.6.19 will be next 2016-01-20 15:39:05 +01:00
Stanislav Malyshev 6297a117d7 Fixed bug #71323 - Output of stream_get_meta_data can be falsified by its input 2016-01-16 22:10:54 -08:00
Anatol Belski fffbca55e8 backport 9a07245b72 from 7.0 2016-01-11 20:37:46 +01:00
Julien Pauli a6734f70e1 5.5.32 now 2016-01-07 13:07:23 +01:00
Lior Kaplan 53fb2f1e5c Happy new year (Update copyright to 2016) 2016-01-03 01:44:37 +02:00
Lior Kaplan 49493a2dcf Happy new year (Update copyright to 2016) 2016-01-01 19:21:47 +02:00
Lior Kaplan ef9ddd0d82 Remove sqlite extension leftover references (was removed in PHP 5.4) 2015-12-16 09:40:02 +02:00
Ferenc Kovacs 7d5dbaed76 5.6.18 will be next 2015-12-10 01:30:27 +01:00