mirror of https://github.com/php/php-src.git synced 2026-04-14 11:32:11 +02:00
Commit Graph

8619 Commits

Author SHA1 Message Date
Stanislav Malyshev
62da5cdf3d Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
  Fix bug #71798 - Integer Overflow in php_raw_url_encode
  Fix bug #71860: Require valid paths for phar filenames
  Going for 5.5.34

Conflicts:
	configure.in
	ext/phar/tests/create_path_error.phpt
	main/php_version.h
2016-03-28 23:21:15 -07:00
Stanislav Malyshev
95433e8e33 Fix bug #71798 - Integer Overflow in php_raw_url_encode 2016-03-27 14:22:19 -07:00
Nikita Popov
54da966883 Fixed bug #67512 2016-03-25 20:18:46 +01:00
Xinchen Hui
6f241f5fad Fixed bug #71840 (Unserialize accepts wrongly data) 2016-03-17 15:15:28 +08:00
Anatol Belski
8cd903ea68 fix error condition, part of bug #71753 2016-03-10 11:35:50 +01:00
Xinchen Hui
915a3762ef Fixed typo (partially fix for #71753) 2016-03-10 15:22:34 +08:00
Anton Blanchard
ccd215a517 Additional improvements to crypt() detection code
Reformat to normalize tabs vs spaces, return 1 if crypt.h not
defined, fix C99 compliance.
2016-03-03 17:28:34 +01:00
Michael Orlitzky
08fce8e2c5 ext/standard/config.m4: fix crypt() test segfaults in >=glibc-2.17.
Starting with glibc-2.17, the crypt() function will report an EINVAL
and return NULL when the format of the "salt" parameter is
invalid. The current tests for crypt() pass its result to strcmp(),
causing segfaults when the value returned from crypt() is NULL.

This commit modifies the test programs to exit with failure when
crypt() returns NULL.

Reference: https://bugs.gentoo.org/show_bug.cgi?id=518964
2016-03-03 17:12:57 +01:00
Nikita Popov
4e0134c661 Fix bounds check in strip_tags() 2016-02-13 17:47:30 +01:00
Julien Pauli
6b0b29edd6 Fix #70720 2016-02-02 18:09:54 +01:00
Anatol Belski
b837f205ca Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  add error check to sysconf call
  Going for 5.5.33 now

Conflicts:
	configure.in
	main/php_version.h
2016-02-02 14:22:31 +01:00
Anatol Belski
377d353c9f add error check to sysconf call 2016-02-02 14:19:10 +01:00
Stanislav Malyshev
24167095a5 Merge branch 'PHP-5.5' into PHP-5.6.18
* PHP-5.5:
  fix tests
  fix NEWS
  update NEWS
2016-02-01 19:15:19 -08:00
Stanislav Malyshev
2a7d8c0a06 fix tests 2016-02-01 18:58:02 -08:00
Stanislav Malyshev
309ead112f Merge branch 'PHP-5.5.32' into PHP-5.6.18
* PHP-5.5.32:
  Fixed bug #71488: Stack overflow when decompressing tar archives
  update NEWS
  add missing headers for SIZE_MAX
  backport the escapeshell* functions hardening branch
  add tests
  Fix bug #71459 - Integer overflow in iptcembed()
  Fixed bug #71323 - Output of stream_get_meta_data can be falsified by its input
  Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()
  Fix bug #71335: Type Confusion in WDDX Packet Deserialization
  Fix bug #71354 - remove UMR when size is 0
2016-02-01 18:32:31 -08:00
Anatol Belski
686a17893a add missing headers for SIZE_MAX 2016-01-28 13:46:34 +01:00
Anatol Belski
f4d7bbf4ac backport the escapeshell* functions hardening branch 2016-01-28 13:45:43 +01:00
Anatol Belski
828364e59c add tests 2016-01-28 13:27:26 +01:00
Stanislav Malyshev
54c210d2ea Fix bug #71459 - Integer overflow in iptcembed() 2016-01-26 17:26:52 -08:00
Remi Collet
3c8f287d58 Fix test when run with openssl < 1.0.2 (reorder so no more SSLv2 message)
Fix skip message to work
2016-01-20 13:08:58 +01:00
Anatol Belski
508d1dae25 improve fix for bug #71201 2016-01-20 09:44:28 +01:00
Anatol Belski
adf0be7680 fork test 2016-01-18 16:45:35 +01:00
Stanislav Malyshev
6297a117d7 Fixed bug #71323 - Output of stream_get_meta_data can be falsified by its input 2016-01-16 22:10:54 -08:00
Julien Pauli
86f48881a4 Removed unnecessary string dup 2016-01-06 10:51:36 +01:00
Julien Pauli
810452f68e Moved buffer from heap to stack 2016-01-06 10:51:36 +01:00
Lior Kaplan
53fb2f1e5c Happy new year (Update copyright to 2016) 2016-01-03 01:44:37 +02:00
Lior Kaplan
49493a2dcf Happy new year (Update copyright to 2016) 2016-01-01 19:21:47 +02:00
Julien Pauli
d73d9fecf6 Fixed and improved tests 2015-12-24 14:08:44 +01:00
marcosptf
bdc8f7d871 test to function gethostname ( void ); 2015-12-24 11:46:48 +01:00
marcosptf
ca0b82fe93 test to function stream_get_transports(); 2015-12-24 10:53:53 +01:00
marcosptf
e9d1dff514 test to function stream_get_wrappers(); 2015-12-24 10:51:51 +01:00
marcosptf
7e399566a7 test to function stream_socket_enable_crypto(); 2015-12-24 10:50:54 +01:00
marcosptf
a7daf97198 test to function stream_socket_get_name(); 2015-12-24 10:49:02 +01:00
marcosptf
3295264336 Create stream_socket_recvfrom.phpt 2015-12-24 10:47:35 +01:00
marcosptf
379b43bb3b test to stream function set_file_buffer.phpt(); 2015-12-24 10:47:02 +01:00
marcosptf
8d1d5ffa22 test to misc. function connection_status(); 2015-12-24 10:45:10 +01:00
marcosptf
841594ac18 test to function connection_aborted();
was added a new uncovered misc. function
2015-12-24 10:43:34 +01:00
Anatol Belski
50c4be0309 Added test for bug #71201 2015-12-23 18:18:02 +01:00
Anatol Belski
0d822f6df9 Bug #71201 round() segfault on 64-bit builds 2015-12-23 18:16:52 +01:00
Julien Pauli
ff7ed9021c Fix #70720 2015-12-22 16:25:51 +01:00
Xinchen Hui
e6b46dc2ff Fixed bug #70960 (ReflectionFunction for array_unique returns wrong number of parameters) 2015-11-24 13:45:16 +08:00
Ferenc Kovacs
395ef4efb7 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  fixup, both caught by nikic
  use another character device in this test as /dev/console seems that it is different for lxc containers
  the de_DE(iso-8859-1) locale is not available on ubuntu by default, but there is no reason to require that over the utf-8 one
  let's try running our testsuite without sudo
2015-10-19 22:47:23 +02:00
Ferenc Kovacs
f3838a9c35 Merge branch 'pr-1483' into PHP-5.5
* pr-1483:
  fixup, both caught by nikic
  use another character device in this test as /dev/console seems that it is different for lxc containers
  the de_DE(iso-8859-1) locale is not available on ubuntu by default, but there is no reason to require that over the utf-8 one
  let's try running our testsuite without sudo
2015-10-19 22:44:19 +02:00
Stanislav Malyshev
b94f67885c Skip serialize test if ext/session is not loaded 2015-10-18 15:43:03 -07:00
Stanislav Malyshev
629e4da7cc Fix bug #70480 (php_url_parse_ex() buffer overflow read) 2015-09-28 11:31:14 -07:00
Anatol Belski
c505d55158 silence mkdir to fix fails after unclean test run 2015-09-23 13:55:28 +02:00
Niklas Keller
4b1dff6f43 Fix #70361: HTTP stream wrapper doesn't close keep-alive connections 2015-09-04 16:29:35 +02:00
Stanislav Malyshev
a6c063d663 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  More fixes for bug #70219
2015-09-01 12:51:48 -07:00
Stanislav Malyshev
c19d59c550 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  update NEWS
  add NEWS for fixes
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs assigned (post release) to PHP 5.4.43
  Add CVE IDs assigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/zip/php_zip.c
2015-09-01 12:06:41 -07:00
Stanislav Malyshev
53d274beb0 Merge branch 'PHP-5.5' into PHP-5.5.29
* PHP-5.5:
  Improve fix for #70172
  Add CVE IDs assigned (post release) to PHP 5.4.43
  Add CVE IDs assigned to #69085 (PHP 5.4.39)

Conflicts:
	ext/pcre/php_pcre.c
2015-09-01 11:43:27 -07:00