mirror of https://github.com/php/php-src.git synced 2026-04-29 11:13:36 +02:00
Commit Graph

8619 Commits

Author SHA1 Message Date
Stanislav Malyshev 62da5cdf3d Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
  Fix bug #71798 - Integer Overflow in php_raw_url_encode
  Fix bug #71860: Require valid paths for phar filenames
  Going for 5.5.34

Conflicts:
	configure.in
	ext/phar/tests/create_path_error.phpt
	main/php_version.h
2016-03-28 23:21:15 -07:00
Stanislav Malyshev 95433e8e33 Fix bug #71798 - Integer Overflow in php_raw_url_encode 2016-03-27 14:22:19 -07:00
Nikita Popov 54da966883 Fixed bug #67512 2016-03-25 20:18:46 +01:00
Xinchen Hui 6f241f5fad Fixed bug #71840 (Unserialize accepts wrongly data) 2016-03-17 15:15:28 +08:00
Anatol Belski 8cd903ea68 fix error condition, part of bug #71753 2016-03-10 11:35:50 +01:00
Xinchen Hui 915a3762ef Fixed typo (partially fix for #71753) 2016-03-10 15:22:34 +08:00
Anton Blanchard ccd215a517 Additional improvements to crypt() detection code
Reformat to normalize tabs vs spaces, return 1 if crypt.h not
defined, fix C99 compliance.
2016-03-03 17:28:34 +01:00
Michael Orlitzky 08fce8e2c5 ext/standard/config.m4: fix crypt() test segfaults in >=glibc-2.17.
Starting with glibc-2.17, the crypt() function will report an EINVAL
and return NULL when the format of the "salt" parameter is
invalid. The current tests for crypt() pass its result to strcmp(),
causing segfaults when the value returned from crypt() is NULL.

This commit modifies the test programs to exit with failure when
crypt() returns NULL.

Reference: https://bugs.gentoo.org/show_bug.cgi?id=518964
2016-03-03 17:12:57 +01:00
Nikita Popov 4e0134c661 Fix bounds check in strip_tags() 2016-02-13 17:47:30 +01:00
Julien Pauli 6b0b29edd6 Fix #70720 2016-02-02 18:09:54 +01:00
Anatol Belski b837f205ca Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  add error check to sysconf call
  Going for 5.5.33 now

Conflicts:
	configure.in
	main/php_version.h
2016-02-02 14:22:31 +01:00
Anatol Belski 377d353c9f add error check to sysconf call 2016-02-02 14:19:10 +01:00
Stanislav Malyshev 24167095a5 Merge branch 'PHP-5.5' into PHP-5.6.18
* PHP-5.5:
  fix tests
  fix NEWS
  update NEWS
2016-02-01 19:15:19 -08:00
Stanislav Malyshev 2a7d8c0a06 fix tests 2016-02-01 18:58:02 -08:00
Stanislav Malyshev 309ead112f Merge branch 'PHP-5.5.32' into PHP-5.6.18
* PHP-5.5.32:
  Fixed bug #71488: Stack overflow when decompressing tar archives
  update NEWS
  add missing headers for SIZE_MAX
  backport the escapeshell* functions hardening branch
  add tests
  Fix bug #71459 - Integer overflow in iptcembed()
  Fixed bug #71323 - Output of stream_get_meta_data can be falsified by its input
  Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()
  Fix bug #71335: Type Confusion in WDDX Packet Deserialization
  Fix bug #71354 - remove UMR when size is 0
2016-02-01 18:32:31 -08:00
Anatol Belski 686a17893a add missing headers for SIZE_MAX 2016-01-28 13:46:34 +01:00
Anatol Belski f4d7bbf4ac backport the escapeshell* functions hardening branch 2016-01-28 13:45:43 +01:00
Anatol Belski 828364e59c add tests 2016-01-28 13:27:26 +01:00
Stanislav Malyshev 54c210d2ea Fix bug #71459 - Integer overflow in iptcembed() 2016-01-26 17:26:52 -08:00
Remi Collet 3c8f287d58 Fix test when run with openssl < 1.0.2 (reorder so no more SSLv2 message)
Fix skip message to work
2016-01-20 13:08:58 +01:00
Anatol Belski 508d1dae25 improve fix for bug #71201 2016-01-20 09:44:28 +01:00
Anatol Belski adf0be7680 fork test 2016-01-18 16:45:35 +01:00
Stanislav Malyshev 6297a117d7 Fixed bug #71323 - Output of stream_get_meta_data can be falsified by its input 2016-01-16 22:10:54 -08:00
Julien Pauli 86f48881a4 Removed unnecessary string dup 2016-01-06 10:51:36 +01:00
Julien Pauli 810452f68e Moved buffer from heap to stack 2016-01-06 10:51:36 +01:00
Lior Kaplan 53fb2f1e5c Happy new year (Update copyright to 2016) 2016-01-03 01:44:37 +02:00
Lior Kaplan 49493a2dcf Happy new year (Update copyright to 2016) 2016-01-01 19:21:47 +02:00
Julien Pauli d73d9fecf6 Fixed and improved tests 2015-12-24 14:08:44 +01:00
marcosptf bdc8f7d871 test to function gethostname ( void ); 2015-12-24 11:46:48 +01:00
marcosptf ca0b82fe93 test to function stream_get_transports(); 2015-12-24 10:53:53 +01:00
marcosptf e9d1dff514 test to function stream_get_wrappers(); 2015-12-24 10:51:51 +01:00
marcosptf 7e399566a7 test to function stream_socket_enable_crypto(); 2015-12-24 10:50:54 +01:00
marcosptf a7daf97198 test to function stream_socket_get_name(); 2015-12-24 10:49:02 +01:00
marcosptf 3295264336 Create stream_socket_recvfrom.phpt 2015-12-24 10:47:35 +01:00
marcosptf 379b43bb3b test to stream function set_file_buffer.phpt(); 2015-12-24 10:47:02 +01:00
marcosptf 8d1d5ffa22 test to misc. function connection_status(); 2015-12-24 10:45:10 +01:00
marcosptf 841594ac18 test to function connection_aborted();
was added a new uncovered misc. function
2015-12-24 10:43:34 +01:00
Anatol Belski 50c4be0309 Added test for bug #71201 2015-12-23 18:18:02 +01:00
Anatol Belski 0d822f6df9 Bug #71201 round() segfault on 64-bit builds 2015-12-23 18:16:52 +01:00
Julien Pauli ff7ed9021c Fix #70720 2015-12-22 16:25:51 +01:00
Xinchen Hui e6b46dc2ff Fixed bug #70960 (ReflectionFunction for array_unique returns wrong number of parameters) 2015-11-24 13:45:16 +08:00
Ferenc Kovacs 395ef4efb7 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  fixup, both caught by nikic
  use another character device in this test as /dev/console seems that it is different for lxc containers
  the de_DE(iso-8859-1) locale is not available on ubuntu by default, but there is no reason to require that over the utf-8 one
  let's try running our testsuite without sudo
2015-10-19 22:47:23 +02:00
Ferenc Kovacs f3838a9c35 Merge branch 'pr-1483' into PHP-5.5
* pr-1483:
  fixup, both caught by nikic
  use another character device in this test as /dev/console seems that it is different for lxc containers
  the de_DE(iso-8859-1) locale is not available on ubuntu by default, but there is no reason to require that over the utf-8 one
  let's try running our testsuite without sudo
2015-10-19 22:44:19 +02:00
Stanislav Malyshev b94f67885c Skip serialize test if ext/session is not loaded 2015-10-18 15:43:03 -07:00
Stanislav Malyshev 629e4da7cc Fix bug #70480 (php_url_parse_ex() buffer overflow read) 2015-09-28 11:31:14 -07:00
Anatol Belski c505d55158 silence mkdir to fix fails after unclean test run 2015-09-23 13:55:28 +02:00
Niklas Keller 4b1dff6f43 Fix #70361: HTTP stream wrapper doesn't close keep-alive connections 2015-09-04 16:29:35 +02:00
Stanislav Malyshev a6c063d663 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  More fixes for bug #70219
2015-09-01 12:51:48 -07:00
Stanislav Malyshev c19d59c550 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  update NEWS
  add NEWS for fixes
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs assigned (post release) to PHP 5.4.43
  Add CVE IDs assigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/zip/php_zip.c
2015-09-01 12:06:41 -07:00
Stanislav Malyshev 53d274beb0 Merge branch 'PHP-5.5' into PHP-5.5.29
* PHP-5.5:
  Improve fix for #70172
  Add CVE IDs assigned (post release) to PHP 5.4.43
  Add CVE IDs assigned to #69085 (PHP 5.4.39)

Conflicts:
	ext/pcre/php_pcre.c
2015-09-01 11:43:27 -07:00