9d6c59eeea
Fix bug #77418 - Heap overflow in utf32be_mbc_to_code
2019-01-06 23:31:15 -08:00
b51eaf4166
[ci skip] Add NEWS
2019-01-06 13:03:38 -08:00
c95daa9c75
Fix more issues with encodilng length
...
Should fix bug #77381 , bug #77382 , bug #77385 , bug #77394 .
2019-01-06 11:34:27 -08:00
7a12dad4dd
Fix #77270 : imagecolormatch Out Of Bounds Write on Heap
...
At least some of the image reading functions may return images which
use color indexes greater than or equal to im->colorsTotal. We cater
to this by always using a buffer size which is sufficient for
`gdMaxColors` in `gdImageColorMatch()`.
2019-01-06 11:34:20 -08:00
1cc2182bcc
Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)
2019-01-06 11:34:00 -08:00
28362ed4fa
Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
2019-01-06 11:33:54 -08:00
20407d06ca
Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
2019-01-06 11:33:44 -08:00
a918020c03
Fix #77269 : Potential unsigned underflow in gdImageScale
...
Belatedly, we're porting the respective upstream patch[1].
[1] <https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35 >
2019-01-06 11:33:38 -08:00
428d8164ff
Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
2019-01-06 11:33:32 -08:00
4fc0bceb7c
Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
2019-01-06 11:33:25 -08:00
f51062523d
Regenerate certs for openssl tests
2019-01-02 10:00:36 -08:00
c26cb383a5
5.6.40 will be next. probably not
2018-12-05 09:13:30 +01:00
78bffa72c1
Fix null pointer deref in qprint-encode filter (bug #77231 )
2018-12-03 10:19:08 -08:00
48f0f73f75
Fix bug #77143 - add more checks to buffer reads
2018-12-03 00:41:46 -08:00
7edc639b9f
Fix #77020 : null pointer dereference in imap_mail
...
If an empty $message is passed to imap_mail(), we must not set message
to NULL, since _php_imap_mail() is not supposed to handle NULL pointers
(opposed to pointers to NUL).
2018-12-03 00:00:56 -08:00
aabdb71dc3
Fix TSRM signature - php_stream_stat macro has it's own TSRM
2018-12-02 12:54:19 -08:00
0382e761d7
Regenerate certificates for openssl tests
2018-12-02 12:08:19 -08:00
2fba1e2f59
Improve test for bug77022
2018-12-02 12:06:13 -08:00
69f5e7992b
Fix bug #77022 - use file mode or umask for new files
2018-12-01 21:06:45 -08:00
d8765852e0
Add DISPLAY_INI_ENTRIES for imap
2018-11-28 15:45:51 -08:00
e5bfea64c8
Disable rsh/ssh functionality in imap by default (bug #77153 )
2018-11-20 00:13:50 -08:00
81f23057dc
5.6.39 will be the next
2018-09-11 23:58:17 +02:00
c1de84014d
Update NEWS
2018-09-09 12:19:38 -07:00
23b057742e
Fix for bug #76582
...
The brigade seems to end up in a messed up state if something fails
in shutdown, so we clean it up.
2018-09-09 11:45:14 -07:00
1ba3314335
5.6.38 will be next
2018-07-19 16:54:58 +02:00
b73a108543
Add NEWS
2018-07-16 14:26:31 -07:00
289cb0f77c
Fixed bug #76459 windows linkinfo lacks openbasedir check
2018-07-16 14:21:02 -07:00
3462efa386
Fix bug #76557 : heap-buffer-overflow (READ of size 48) while reading exif data
...
Use MAKERNOTE length as data size.
2018-07-16 14:17:51 -07:00
1baeae4270
Fix bug #76423 - Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c
2018-07-16 14:16:58 -07:00
fe3d53f443
5.6.37 will be next
2018-04-24 23:23:14 +02:00
4371af3e19
Fix test portability
2018-04-24 10:47:32 +02:00
ee76a5ae5a
Fix tsrm_ls
2018-04-23 16:48:27 -07:00
58b0003975
Merge remote-tracking branch 'security/bug76249' into PHP-5.6
...
* security/bug76249:
Fix test
Fix bug #76249 - fail on invalid sequences
2018-04-23 13:44:19 -07:00
a4c55eefd0
Merge remote-tracking branch 'security/bug76248' into PHP-5.6
...
* security/bug76248:
Fix bug #76248 - Malicious LDAP-Server Response causes Crash
2018-04-23 13:44:12 -07:00
6e64aba47f
Fix #76129 - remove more potential unfiltered outputs for phar
2018-04-23 13:43:43 -07:00
e2dcf3cc54
Merge remote-tracking branch 'security/PHP-5.6' into PHP-5.6
...
* security/PHP-5.6:
Fix #76130 : Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
Fix bug #75981 : prevent reading beyond buffer start
2018-04-23 13:42:51 -07:00
8dca5ae5ec
Fix test
2018-04-22 22:19:51 -07:00
49782c5499
Fix bug #76248 - Malicious LDAP-Server Response causes Crash
2018-04-22 22:01:35 -07:00
06d309fd7a
Fix bug #76249 - fail on invalid sequences
2018-04-22 21:26:39 -07:00
b4e4788c44
Fix #76130 : Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
...
The MakerNote is not necessarily null-terminated, so we must not use
`strlen()` to avoid OOB reads. Instead `php_strnlen()` is the proper
way to handle this.
2018-04-22 20:15:02 -07:00
cb981e39c2
[ci skip] 5.6.36 will be next
2018-03-28 23:14:30 +02:00
2885f62816
[ci skip] Update NEWS
2018-03-27 14:24:43 +02:00
d20bebfe13
Do not set PR_SET_DUMPABLE by default
2018-03-27 14:18:01 +02:00
3db7427b71
5.6.35 is next
2018-02-27 23:57:06 +01:00
4698a412bf
[ci skip] Update NEWS
2018-02-27 11:31:37 +01:00
523f230c83
Fix bug #75981 : prevent reading beyond buffer start
2018-02-26 22:25:51 -08:00
1f4b057b63
[ci skip] Set FPM maintainership
...
As per http://news.php.net/php.internals/101897 , Jakub is officially
annointed as new FPM maintainer.
2018-02-23 16:43:10 -08:00
36239fee36
Fix bug #75981 : prevent reading beyond buffer start
2018-02-20 15:44:00 -08:00
67ec3ce1ec
2018
2018-01-03 15:12:39 +01:00
028507f1f6
php 5.6.34 is next
2018-01-03 00:30:58 +01:00
Stanislav Malyshev