delta/php-git.git/sapi, branch php-5.6.12 git.php.net: repository/php-src.git fix test 2015-08-06T07:15:23+00:00 Stanislav Malyshev stas@php.net 2015-08-04T23:45:20+00:00 f6fdc293ce4f58d0df3d9596542d87be81aca9a7 






Merge branch 'PHP-5.5' into PHP-5.6
2015-08-06T06:52:09+00:00

Stanislav Malyshev
stas@php.net

2015-08-04T22:29:13+00:00

7e254ac00ea88a5e6f585fb089c240e88d99b506

* PHP-5.5:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	ext/soap/php_http.c
	ext/spl/spl_observer.c





* PHP-5.5:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	ext/soap/php_http.c
	ext/spl/spl_observer.c







Fixed #69655: php -S changes MKCALENDAR request method to MKCOL
2015-06-27T18:02:21+00:00

Christoph M. Becker
cmb@php.net

2015-06-27T17:47:32+00:00

bbe28d3a55f8b129d4595e5202b7c9891a568509

The parsing of the request method in the CLI server has been faulty, so that
several unsupported methods have been recognized as other methods.





The parsing of the request method in the CLI server has been faulty, so that
several unsupported methods have been recognized as other methods.







added skip condition for powershell requirement of test
2015-06-27T13:02:52+00:00

Christoph M. Becker
cmb@php.net

2015-06-27T13:02:52+00:00

b811bb3920168c19aa7cc9fa51cbad0d3d127dcc












Fix #64878: 304 responses return Content-Type header
2015-06-27T12:28:33+00:00

Christoph M. Becker
cmbecker69@gmx.de

2015-05-18T19:28:22+00:00

1920ba6f7bd1ce3c866ca947f51a1633dc892fce

According to RFC 7232 304 responses should not send a Content-Type header,
so the CLI server should comply.





According to RFC 7232 304 responses should not send a Content-Type header,
so the CLI server should comply.







bump API version to 6.8
2015-06-23T03:39:35+00:00

George Wang
gwang@php.net

2015-06-23T03:38:38+00:00

3a169f6c0df328f605fceab03da78ff8f56617a7












Fixed Buf #68812 Unchecked return value.
2015-06-08T19:46:56+00:00

George Wang
gwang@php.net

2015-06-08T19:38:59+00:00

eb15ec385e44c2bd5b8b44f77147faba7e0b0aa3












Merge branch 'PHP-5.5' into PHP-5.6
2015-05-26T08:24:39+00:00

Xinchen Hui
laruence@php.net

2015-05-26T08:24:39+00:00

1f077cc4f4c0ceef0c86591d4fc4469818adc7d2












Fixed C89
2015-05-26T08:24:18+00:00

Xinchen Hui
laruence@php.net

2015-05-26T08:24:18+00:00

76a290d0be25a028f968edff074c9d8b6c673dba












Merge branch 'PHP-5.5' into PHP-5.6
2015-04-14T08:05:01+00:00

Stanislav Malyshev
stas@php.net

2015-04-14T07:51:14+00:00

5776fceb16597d9ce686a01c1b72eac155b9741b

* PHP-5.5: (27 commits)
  fix non-standard C
  update NEWS
  5.4.41 next
  fix CVE num
  update NEWS
  Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode)
  fix test
  fix type in fix for #69085
  fix memory leak & add test
  Fix tests
  fix CVE num
  Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability)
  Fix test
  Additional fix for bug #69324
  More fixes for bug #69152
  Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
  Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
  Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
  Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
  Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
  ...

Conflicts:
	ext/standard/http_fopen_wrapper.c





* PHP-5.5: (27 commits)
  fix non-standard C
  update NEWS
  5.4.41 next
  fix CVE num
  update NEWS
  Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode)
  fix test
  fix type in fix for #69085
  fix memory leak & add test
  Fix tests
  fix CVE num
  Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability)
  Fix test
  Additional fix for bug #69324
  More fixes for bug #69152
  Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
  Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
  Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
  Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
  Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
  ...

Conflicts:
	ext/standard/http_fopen_wrapper.c