mirror of https://github.com/php/php-src.git synced 2026-04-18 21:41:22 +02:00
Commit Graph

42163 Commits

Author SHA1 Message Date
Stanislav Malyshev
dde7a05978 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Fix bug #75981: prevent reading beyond buffer start
2018-02-26 22:26:26 -08:00
Stanislav Malyshev
523f230c83 Fix bug #75981: prevent reading beyond buffer start 2018-02-26 22:25:51 -08:00
Stanislav Malyshev
459ab2eef4 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Update NEWS
  Fixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtx
  Fix bug #74782: remove file name from output to avoid XSS
2018-01-01 20:28:01 -08:00
Christoph M. Becker
8d6e958867 Fixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtx
Due to a signedness confusion in `GetCode_` a corrupt GIF file can
trigger an infinite loop.  Furthermore we make sure that a GIF without
any palette entries is treated as invalid *after* open palette entries
have been removed.
2018-01-01 19:51:26 -08:00
Stanislav Malyshev
73ca9b3773 Fix bug #74782: remove file name from output to avoid XSS 2018-01-01 19:51:02 -08:00
Dmitry Stogov
da61c7a2a4 Fixed bug #75579 (Interned strings buffer overflow may cause crash)
(cherry picked from commit 37bf8bdc14)
2017-12-22 18:22:08 +01:00
Lior Kaplan
32e3d7b99e Define floorf if system doesn't have it (follow up for 22c48761)
floorf is checked in config.m4
2017-11-29 16:46:47 +01:00
Remi Collet
8e5b9532da Fixed bug #64938 libxml_disable_entity_loader setting is shared between requests (FPM) 2017-11-28 17:58:28 +01:00
Scott
269d160159 Fix bug #75409 2017-11-22 04:26:54 +00:00
Nester
8fdef981ef Fixed #75539 and #74183 - preg_last_error not returning error code after error 2017-11-21 20:10:18 +01:00
Remi Collet
702ef27364 Better fix bug #75540 Segfault with libzip 1.3.1
- only 1.3.1 is affected
- fix use after free
2017-11-20 09:42:20 +01:00
Remi Collet
de47d4792f fix bug #75540 Segfault with libzip 1.3.1 2017-11-20 08:49:46 +01:00
Nikita Popov
0e097f2c96 Fixed bug #75535
The sizeof()s for Content-Length and Transfer-Encoding were missing
the trailing ":". Apart from being generally wrong, this no longer
verified that the header actually contains a colon, leading to the
null http_header_value being used.

Additionally, in the interest of being defensive, also make sure
that http_header_value is non-null by setting it to the end of
the header line (effectively an empty string) if there is no colon.
If the following conditions are correct, this value is not going
to be used though.
2017-11-17 23:18:05 +01:00
Derick Rethans
ca0bcf535c Fixed ext/date tests due to changes in Olson database 2017-11-07 11:25:28 +00:00
Nikita Popov
d88ef8d7e1 Fix ext/soap/tests/bug69137.phpt
Switch to example.org. Also mark it as an online test.
2017-11-02 20:56:03 +01:00
Anatol Belski
dbfa0140ae Sync and fix tests for ICU 60.1 compat 2017-11-02 12:37:04 +01:00
Anatol Belski
68c500421c Add missing ICU version check 2017-10-30 18:15:26 +01:00
Jakub Zelenka
fc169d2133 Prevent leaking x509 and csr resources if it is not requested
All functions using php_openssl_x509_from_zval or php_openssl_csr_from_zval
with makeresource equal to 0 do not deref the resource which means there
is a leak till the end of the request. This can cause issues for long
running apps. It is a generic solution for bug #75363 which also covers
other functions.
2017-10-30 16:40:56 +00:00
Jakub Zelenka
d8ccffa79a Extend and speed up pkey export tests 2017-10-30 16:40:56 +00:00
Jakub Zelenka
e78e839e53 Rewrite openssl_csr_get_subject test to improve coverage 2017-10-30 16:40:56 +00:00
Jakub Zelenka
528aa540b4 Add openssl_csr_get_public_key test 2017-10-30 16:40:56 +00:00
Jakub Zelenka
548798818b Extend openssl_pkcs7_* tests to cover resource cert 2017-10-30 16:40:56 +00:00
Jakub Zelenka
55d92413b9 Fix cleaning tmp output file in openssl_csr_export_to_file test 2017-10-30 16:40:56 +00:00
Jelle van der Waa
5812f7a8d3 openssl: add basic openssl_csr_export_to_file tests
Add a basic test for openssl_csr_export_to_file.
2017-10-30 16:40:56 +00:00
Jakub Zelenka
628a52d365 Extend openssl_csr_sign test to cover cert resource 2017-10-30 16:40:56 +00:00
Jakub Zelenka
80191eebec Set different invalid path in openssl_pkcs12_export so it is more unlikely to exist 2017-10-30 16:40:55 +00:00
Jakub Zelenka
cd66aad141 Extend openssl_x509_parse to cover cert resource 2017-10-30 16:40:55 +00:00
Jakub Zelenka
c1d98588a2 Rename and test resource cert in openssl_x509_checkpurpose test 2017-10-30 16:40:55 +00:00
Jakub Zelenka
d23d4fd61b Extend openssl_x509_check_private_key to test resource cert 2017-10-30 16:40:55 +00:00
Jakub Zelenka
be0758b75a Extend openssl_x509_fingerprint test to cover resource cert with sha1 2017-10-30 16:40:55 +00:00
Fabien Villepinte
a308000ff2 Fix bug #75464 Wrong reflection on SoapClient::__setSoapHeaders 2017-10-30 14:13:05 +00:00
Fabien Villepinte
e6aea3dc78 Fix bug #75453 Incorrect reflection on ibase_connect and ibase_pconnect 2017-10-30 06:55:00 +00:00
Fabien Villepinte
938f256ed9 Fix bug #75434 Wrong reflection for mysqli_fetch_all function 2017-10-28 12:57:25 +02:00
Fabien Villepinte
51ea2cfbe1 Fix bug #75307 Wrong reflection for openssl_open function 2017-10-27 16:06:01 +01:00
Anatol Belski
15a71fe045 Skip test on PostgreSQL 10
The 42P18 error is not produced by the server anymore.
2017-10-27 16:19:42 +02:00
Anatol Belski
24b1bb0abd Fix test compat for PostgreSQL 10 2017-10-27 14:58:43 +02:00
Anatol Belski
10dc1950f7 Apply upstream patch for CVE-2017-14107 2017-10-27 13:20:15 +02:00
Anatol Belski
f6e8ce8121 Backport and apply upstream patch for CVE-2017-14107 2017-10-27 13:16:56 +02:00
Fabien Villepinte
578ba71b3b Fix typo in comments 2017-10-25 20:59:40 +01:00
Fabien Villepinte
e763a1cdc7 Fix the SKIPIF part in /ext/gd/tests/bug75437.phpt 2017-10-25 14:39:38 +02:00
Fabien Villepinte
0fbb9f343f Fix bug #75437 Wrong reflection on imagewebp 2017-10-25 12:54:05 +02:00
Anatol Belski
e19bf29b53 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Parametrize the expected value to avoid platform false positives
2017-10-24 18:36:56 +02:00
Anatol Belski
45ac5edbd9 Parametrize the expected value to avoid platform false positives 2017-10-24 18:33:21 +02:00
Sara Golemon
68e27b0763 Decref default_link when clearing 2017-10-24 11:37:59 -04:00
Christoph M. Becker
22c487616f Fixed bug #65148 (imagerotate may alter image dimensions)
We apply the respective patches from external libgd, work around the
still missing `gdImageClone()`, and fix the special cased rotation
routines according to Pierre's patch
(https://gist.github.com/pierrejoye/59d72385ed1888cf8894a7ed437235ae).

We also cater to bug73272.phpt whose result obviously changes a bit.
2017-10-24 17:02:56 +02:00
Derick Rethans
8e3260376c Update timezonemap.h, which needs to match the bundled TZ db 2017-10-24 14:55:13 +01:00
Anatol Belski
968c8fc0d5 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Fixed bug #72535 arcfour encryption stream filter crashes php
2017-10-24 14:04:08 +02:00
Anatol Belski
37acebcc8c Fixed bug #72535 arcfour encryption stream filter crashes php 2017-10-24 13:59:18 +02:00
Anatol Belski
5efbcd1882 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Fixed bug #75055 Out-Of-Bounds Read in timelib_meridian()
  Apply upstream patch for CVE-2016-1283
2017-10-24 13:38:48 +02:00
Anatol Belski
a7815e63bd Fixed bug #75055 Out-Of-Bounds Read in timelib_meridian() 2017-10-24 11:28:17 +02:00