Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | update NEWSphp-5.4.37PHP-5.4.37 | Stanislav Malyshev | 2015-01-20 | 1 | -1/+1 |
| | |||||
* | add CVE | Stanislav Malyshev | 2015-01-20 | 1 | -1/+2 |
| | |||||
* | 5.4.37 | Stanislav Malyshev | 2015-01-20 | 3 | -4/+4 |
| | |||||
* | add protection against nulls | Stanislav Malyshev | 2015-01-20 | 1 | -0/+5 |
| | |||||
* | Merge branch 'bug68710' into PHP-5.4 | Stanislav Malyshev | 2015-01-20 | 4 | -3/+32 |
|\ | | | | | | | | | * bug68710: Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize()) | ||||
| * | Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize()) | Stanislav Malyshev | 2015-01-01 | 4 | -3/+32 |
| | | |||||
* | | Merge branch 'bug68799' into PHP-5.4 | Stanislav Malyshev | 2015-01-20 | 4 | -2/+68 |
|\ \ | | | | | | | | | | | | | * bug68799: Fix bug #68799: Free called on unitialized pointer | ||||
| * | | Fix bug #68799: Free called on unitialized pointer | Stanislav Malyshev | 2015-01-11 | 3 | -1/+64 |
| |/ | |||||
* | | Update NEWS | Daniel Lowrey | 2015-01-14 | 1 | -0/+3 |
| | | |||||
* | | Fixed bug #55618 (use case-insensitive cert name matching) | Daniel Lowrey | 2015-01-14 | 1 | -2/+2 |
| | | |||||
* | | updated libmagic.patch in 5.4 | Anatol Belski | 2015-01-04 | 1 | -315/+139 |
| | | |||||
* | | Fixed bug #68735 fileinfo out-of-bounds memory access | Anatol Belski | 2015-01-04 | 4 | -2/+28 |
| | | |||||
* | | removed dead code | Remi Collet | 2015-01-04 | 5 | -1544/+2 |
|/ | |||||
* | FIx bug #68618 (out of bounds read crashes php-cgi) | Stanislav Malyshev | 2014-12-30 | 2 | -2/+7 |
| | |||||
* | add missing NEWS entry | Ferenc Kovacs | 2014-12-17 | 1 | -0/+3 |
| | |||||
* | 5.4.37 | Stanislav Malyshev | 2014-12-16 | 3 | -5/+7 |
| | |||||
* | add CVE | Stanislav Malyshev | 2014-12-16 | 1 | -1/+1 |
| | |||||
* | add missing test file | Stanislav Malyshev | 2014-12-16 | 1 | -0/+7 |
| | |||||
* | Fix bug #68594 - Use after free vulnerability in unserialize() | Stanislav Malyshev | 2014-12-16 | 4 | -32/+64 |
| | |||||
* | Fix undefined behaviour in strnatcmp | Andrea Faulds | 2014-12-13 | 1 | -2/+2 |
| | |||||
* | update NEWS | Stanislav Malyshev | 2014-12-11 | 1 | -0/+1 |
| | |||||
* | move the test to the right place | Anatol Belski | 2014-12-11 | 1 | -0/+0 |
| | |||||
* | Fixed bug #68545 NULL pointer dereference in unserialize.c | Anatol Belski | 2014-12-11 | 3 | -33/+56 |
| | |||||
* | Fixed possible read after end of buffer and use after free. | Dmitry Stogov | 2014-12-08 | 1 | -2/+6 |
| | |||||
* | Revert unintentional docblock change | Chris Christoff | 2014-12-05 | 1 | -1/+1 |
| | | | | | | | | Revert unintentional docblock change It looks like commit dd8e59da8f5aafd9d77a0f1f17e5e272d09f643f introduced an unintended docbloc change. I have reverted this change in this commit. | ||||
* | make sure that we don't truncate the stack trace and cause false test ↵ | Ferenc Kovacs | 2014-12-02 | 1 | -0/+1 |
| | | | | failures when the test is executed in a directory with long path | ||||
* | update news | Stanislav Malyshev | 2014-11-30 | 2 | -5/+8 |
| | |||||
* | Apply error-code-salt fix to Windows too | Leigh | 2014-11-30 | 0 | -0/+0 |
| | | | | | Conflicts: ext/standard/crypt.c | ||||
* | Bug fixes in light of failing bcrypt tests | Leigh | 2014-11-30 | 2 | -1/+3 |
| | | | | | Conflicts: ext/standard/crypt.c | ||||
* | Add tests from 1.3. Add missing tests. | Leigh | 2014-11-30 | 1 | -2/+31 |
| | | | | 3 of the missing tests fail. // TODO | ||||
* | Upgrade crypt_blowfish to version 1.3 | Leigh | 2014-11-30 | 1 | -19/+24 |
| | |||||
* | update for LiteSpeed | Stanislav Malyshev | 2014-11-23 | 1 | -0/+3 |
| | |||||
* | Revert "made lsapi_main.c compatible with PHP7/phpng ." | Stanislav Malyshev | 2014-11-22 | 1 | -92/+26 |
| | | | | | This reverts commit 9fb816f45ad9baa46b91514e70f755eb88539e85. Not a security-related fix. | ||||
* | made lsapi_main.c compatible with PHP7/phpng . | George Wang | 2014-11-20 | 1 | -26/+92 |
| | |||||
* | 5.4.36-dev | Stanislav Malyshev | 2014-11-11 | 3 | -4/+6 |
| | |||||
* | Fixed bug #66584 Segmentation fault on statement deallocation | Matteo Beccati | 2014-11-11 | 3 | -2/+71 |
| | |||||
* | update NEWS | Ferenc Kovacs | 2014-11-12 | 1 | -0/+4 |
| | |||||
* | Partial fix for bug #68365 (zend_mm_heap corrupted after memory overflow in ↵ | Dmitry Stogov | 2014-11-07 | 1 | -1/+1 |
| | | | | zend_hash_copy) | ||||
* | update NEWS | Stanislav Malyshev | 2014-11-03 | 1 | -0/+4 |
| | |||||
* | Fix bug #63595 GMP memory management conflicts with other libraries using GMP | Remi Collet | 2014-11-03 | 1 | -26/+0 |
| | | | | | | | | | | | | | | | | | | Drop use of php memory allocators as this raise various conflicts with other extensions and libraries which use libgmp. No other solution found. We cannot for ensure correct use of allocator with shared lib. Some memory can allocated before php init Some memory can be freed after php shutdown Known broken run cases - php + curl + gnutls + gmp - mod_gnutls + mod_php + gnutls + gmp - php + freetds + gnutls + gmp - php + odbc + freetds + gnutls + gmp - php + php-mapi (zarafa) + gnutls + gmp | ||||
* | Initialize the offset table - PCRE may sometimes miss offsets | Stanislav Malyshev | 2014-11-03 | 1 | -1/+1 |
| | |||||
* | set default response code to 200 | George Wang | 2014-11-03 | 1 | -2/+2 |
| | |||||
* | fix NEWS & version | Stanislav Malyshev | 2014-10-22 | 3 | -5/+5 |
| | |||||
* | NEWS | Remi Collet | 2014-10-22 | 1 | -0/+6 |
| | |||||
* | Fix bug #68283: fileinfo: out-of-bounds read in elf note headers | Remi Collet | 2014-10-22 | 1 | -0/+7 |
| | | | | | | | Upstream commit https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0 CVE -2014-3710 | ||||
* | Fix bug #68113 (Heap corruption in exif_thumbnail()) | Stanislav Malyshev | 2014-10-13 | 4 | -3/+24 |
| | |||||
* | Fix bug #68089 - do not accept options with embedded \0 | Stanislav Malyshev | 2014-10-13 | 3 | -0/+27 |
| | | | | | Conflicts: ext/curl/interface.c | ||||
* | Fixed bug #68044: Integer overflow in unserialize() (32-bits only) | Stanislav Malyshev | 2014-10-13 | 4 | -4/+19 |
| | |||||
* | Fix bug #68027 - fix date parsing in XMLRPC lib | Stanislav Malyshev | 2014-10-13 | 3 | -6/+56 |
| | |||||
* | update NEWS | Ard Biesheuvel | 2014-10-10 | 1 | -0/+3 |
| | | | | Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> |