delta/php-git.git/ext/mbstring, branch php-7.0.9 git.php.net: repository/php-src.git Merge branch 'PHP-7.0.8' into PHP-7.0 2016-06-21T07:25:49+00:00 Stanislav Malyshev stas@php.net 2016-06-21T07:25:49+00:00 8705254f2d4f73e22f150bc501fa534e7742754b * PHP-7.0.8: iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow update NEWS fix tests fix build Fix bug #72455: Heap Overflow due to integer overflows Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize Fix bug #72407: NULL Pointer Dereference at _gdScaleVert Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free Fix bug #72298 pass2_no_dither out-of-bounds access Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow Fix bug #72262 - do not overflow int Fix bug #72400 and #72403 - prevent signed int overflows for string lengths Fix bug #72275: don't allow smart_str to overflow int Fix bug #72340: Double Free Courruption in wddx_deserialize Fix bug #72321 - use efree() for emalloc allocation 5.6.23RC1 fix NEWS set versions Conflicts: configure.in main/php_version.h 
* PHP-7.0.8:
  iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
  update NEWS
  fix tests
  fix build
  Fix bug #72455:  Heap Overflow due to integer overflows
  Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
  Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
  Fix bug #72298	pass2_no_dither out-of-bounds access
  Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
  Fix bug #72262 - do not overflow int
  Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
  Fix bug #72275: don't allow smart_str to overflow int
  Fix bug #72340: Double Free Courruption in wddx_deserialize
  Fix bug #72321 - use efree() for emalloc allocation
  5.6.23RC1
  fix NEWS
  set versions

Conflicts:
	configure.in
	main/php_version.h
Merge branch 'PHP-5.6.23' into PHP-7.0.8 2016-06-21T07:24:32+00:00 Stanislav Malyshev stas@php.net 2016-06-21T07:24:32+00:00 2a65544f788654946bfe49e114efa748246fdd52 * PHP-5.6.23: (24 commits) iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow update NEWS fix tests fix build Fix bug #72455: Heap Overflow due to integer overflows Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize Fix bug #72407: NULL Pointer Dereference at _gdScaleVert Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free Fix bug #72298 pass2_no_dither out-of-bounds access Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow Fix bug #72262 - do not overflow int Fix bug #72400 and #72403 - prevent signed int overflows for string lengths Fix bug #72275: don't allow smart_str to overflow int Fix bug #72340: Double Free Courruption in wddx_deserialize update NEWS Fix #66387: Stack overflow with imagefilltoborder Fix bug #72321 - use efree() for emalloc allocation 5.6.23RC1 Fix bug #72140 (segfault after calling ERR_free_strings()) ... Conflicts: configure.in ext/mbstring/php_mbregex.c ext/mcrypt/mcrypt.c ext/spl/spl_array.c ext/spl/spl_directory.c ext/standard/php_smart_str.h ext/standard/string.c ext/standard/url.c ext/wddx/wddx.c ext/zip/php_zip.c main/php_version.h 
* PHP-5.6.23: (24 commits)
  iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
  update NEWS
  fix tests
  fix build
  Fix bug #72455:  Heap Overflow due to integer overflows
  Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
  Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
  Fix bug #72298	pass2_no_dither out-of-bounds access
  Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
  Fix bug #72262 - do not overflow int
  Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
  Fix bug #72275: don't allow smart_str to overflow int
  Fix bug #72340: Double Free Courruption in wddx_deserialize
  update NEWS
  Fix #66387: Stack overflow with imagefilltoborder
  Fix bug #72321 - use efree() for emalloc allocation
  5.6.23RC1
  Fix bug #72140 (segfault after calling ERR_free_strings())
  ...

Conflicts:
	configure.in
	ext/mbstring/php_mbregex.c
	ext/mcrypt/mcrypt.c
	ext/spl/spl_array.c
	ext/spl/spl_directory.c
	ext/standard/php_smart_str.h
	ext/standard/string.c
	ext/standard/url.c
	ext/wddx/wddx.c
	ext/zip/php_zip.c
	main/php_version.h
Merge branch 'PHP-5.5' into PHP-5.6.23 2016-06-21T07:01:48+00:00 Stanislav Malyshev stas@php.net 2016-06-21T07:01:48+00:00 7dde353ee79fcee73873cc19e1124704b94bd366 * PHP-5.5: Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow update NEWS fix tests fix build Fix bug #72455: Heap Overflow due to integer overflows Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize Fix bug #72407: NULL Pointer Dereference at _gdScaleVert Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free Fix bug #72298 pass2_no_dither out-of-bounds access Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow Fix bug #72262 - do not overflow int Fix bug #72400 and #72403 - prevent signed int overflows for string lengths Fix bug #72275: don't allow smart_str to overflow int Fix bug #72340: Double Free Courruption in wddx_deserialize update NEWS Fix #66387: Stack overflow with imagefilltoborder Skip test which is 64bits only 5.5.37 now Conflicts: configure.in ext/mcrypt/mcrypt.c ext/spl/spl_directory.c main/php_version.h 
* PHP-5.5:
  Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
  update NEWS
  fix tests
  fix build
  Fix bug #72455:  Heap Overflow due to integer overflows
  Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
  Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
  Fix bug #72298	pass2_no_dither out-of-bounds access
  Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
  Fix bug #72262 - do not overflow int
  Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
  Fix bug #72275: don't allow smart_str to overflow int
  Fix bug #72340: Double Free Courruption in wddx_deserialize
  update NEWS
  Fix #66387: Stack overflow with imagefilltoborder
  Skip test which is 64bits only
  5.5.37 now

Conflicts:
	configure.in
	ext/mcrypt/mcrypt.c
	ext/spl/spl_directory.c
	main/php_version.h
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free 2016-06-19T04:48:39+00:00 Stanislav Malyshev stas@php.net 2016-06-19T04:48:39+00:00 5b597a2e5b28e2d5a52fc1be13f425f08f47cb62 






Fixed(attempt to) bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access)
2016-06-15T06:54:57+00:00

Xinchen Hui
laruence@gmail.com

2016-06-15T06:54:57+00:00

999a3553d58c537b4919821855b2cc8fb62b0b2f

according to ext/mbstring/oniguruma/enc/utf8.c, max bytes are 6





according to ext/mbstring/oniguruma/enc/utf8.c, max bytes are 6







Fixed bug #72399 (Use-After-Free in MBString (search_re))
2016-06-14T01:20:26+00:00

Xinchen Hui
laruence@gmail.com

2016-06-14T01:20:26+00:00

3d5641872239cbd4ec8855b05c90f94fb0d11d7e












Merge branch 'PHP-5.6' into PHP-7.0
2016-06-06T05:33:36+00:00

Anatol Belski
ab@php.net

2016-06-06T05:33:36+00:00

6ec8b2c57d7b811950c4636436e396e0f80d4678

* PHP-5.6:
  missing return





* PHP-5.6:
  missing return







missing return
2016-06-06T05:28:12+00:00

Anatol Belski
ab@php.net

2016-06-06T05:27:45+00:00

c05b417718d05831987b90d4c4651438a8eaefe4












Fixed bug #72164 (Null Pointer Dereference - mb_ereg_replace)
2016-05-05T09:27:34+00:00

Xinchen Hui
laruence@gmail.com

2016-05-05T09:27:34+00:00

395863b1d1798100b51c4c8be6e88d574e1a1bf1












Merge branch 'PHP-5.5' into PHP-7.0.5
2016-03-29T06:55:05+00:00

Stanislav Malyshev
stas@php.net

2016-03-29T06:55:05+00:00

67fbb0631109bf0dd82986a93838de0907a86869

* PHP-5.5:
  Fixed bug #71704 php_snmp_error() Format String Vulnerability
  Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
  Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
  Fix bug #71798 - Integer Overflow in php_raw_url_encode
  Fix bug #71860: Require valid paths for phar filenames
  Going for 5.5.34

Conflicts:
	configure.in
	ext/phar/phar_object.c
	ext/phar/tests/badparameters.phpt
	ext/phar/tests/create_path_error.phpt
	ext/phar/tests/pharfileinfo_construct.phpt
	ext/snmp/snmp.c
	ext/standard/url.c
	main/php_version.h





* PHP-5.5:
  Fixed bug #71704 php_snmp_error() Format String Vulnerability
  Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
  Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
  Fix bug #71798 - Integer Overflow in php_raw_url_encode
  Fix bug #71860: Require valid paths for phar filenames
  Going for 5.5.34

Conflicts:
	configure.in
	ext/phar/phar_object.c
	ext/phar/tests/badparameters.phpt
	ext/phar/tests/create_path_error.phpt
	ext/phar/tests/pharfileinfo_construct.phpt
	ext/snmp/snmp.c
	ext/standard/url.c
	main/php_version.h