Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | | Add NEWS entry for bug #67730 | Lior Kaplan | 2014-08-20 | 1 | -0/+2 | |
| | | | | | | | | Included in 5.4.32 with commit 706aefb | |||||
* | | Add CVE ID for bug #67539 | Lior Kaplan | 2014-08-20 | 1 | -1/+1 | |
| | | ||||||
* | | Switch use of strtok() to gd_strtok_r() | Sara Golemon | 2014-08-19 | 2 | -2/+7 | |
| | | | | | | | | | | | | | | | | | | strtok() is not thread safe, so this will potentially break in very bad ways if used in ZTS mode. I'm not sure why gd_strtok_r() exists since it seems to do the same thing as strtok_r(), but I'll assume it's a portability decision and do as the Romans do. | |||||
* | | Merge tag 'PHP-5.4.32' into PHP-5.4 | Stanislav Malyshev | 2014-08-19 | 2 | -0/+7 | |
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 5.4.32 * tag 'PHP-5.4.32': 5.4.32 fix potentially missing NUL termination Fix bug #67730 - Null byte injection possible with imagexxx functions Fixed bug #67717 - segfault in dns_get_record Fix bug #67716 - Segfault in cdf.c 5.4.32 RC1 Conflicts: configure.in main/php_version.h | |||||
| * | | 5.4.32 | Stanislav Malyshev | 2014-08-19 | 3 | -4/+4 | |
| | | | ||||||
| * | | fix potentially missing NUL termination | Stanislav Malyshev | 2014-08-18 | 1 | -0/+2 | |
| | | | ||||||
| * | | Fix bug #67730 - Null byte injection possible with imagexxx functions | Stanislav Malyshev | 2014-08-18 | 2 | -0/+7 | |
| | | | ||||||
| * | | Fixed bug #67717 - segfault in dns_get_record | Stanislav Malyshev | 2014-08-18 | 2 | -25/+64 | |
| | | | ||||||
| * | | Fix bug #67716 - Segfault in cdf.c | Remi Collet | 2014-08-14 | 2 | -1/+2 | |
| | | | ||||||
| * | | 5.4.32 RC1php-5.4.32RC1 | Stanislav Malyshev | 2014-08-05 | 3 | -4/+4 | |
| | | | ||||||
* | | | NEWS | Remi Collet | 2014-08-19 | 1 | -0/+3 | |
| | | | ||||||
* | | | Fixed Sec Bug #67717 segfault in dns_get_record CVE-2014-3597 | Remi Collet | 2014-08-19 | 1 | -24/+60 | |
| | | | | | | | | | | | | | | | | | | | | | | | | Incomplete fix for CVE-2014-4049 Check possible buffer overflow - pass real buffer end to dn_expand calls - check buffer len before each read | |||||
* | | | Correct typo in comments: 'initialized' | Lior Kaplan | 2014-08-17 | 3 | -3/+3 | |
| | | | ||||||
* | | | typofixes | Veres Lajos | 2014-08-17 | 13 | -13/+13 | |
| | | | ||||||
* | | | Add NEWS | Keyur Govande | 2014-08-15 | 1 | -0/+3 | |
| | | | ||||||
* | | | Merge branch 'pull-request/772' into PHP-5.4 | Keyur Govande | 2014-08-15 | 10 | -18/+158 | |
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * pull-request/772: Fix failing tests Patch for bug #67839 (mysqli does not handle 4-byte floats correctly) Before the patch, a value of 9.99 in a FLOAT column came out of mysqli as 9.9998998641968. This is because it would naively cast a 4-byte float into PHP's internal 8-byte double. To fix this, with GCC we use the built-in decimal support to "up-convert" the 4-byte float to a 8-byte double. When that is not available, we fall back to converting the float to a string and then converting the string to a double. This mimics what MySQL does. | |||||
| * | | | Fix failing tests | Keyur Govande | 2014-08-14 | 7 | -14/+29 | |
| | | | | ||||||
| * | | | Patch for bug #67839 (mysqli does not handle 4-byte floats correctly) | Keyur Govande | 2014-08-14 | 3 | -4/+129 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before the patch, a value of 9.99 in a FLOAT column came out of mysqli as 9.9998998641968. This is because it would naively cast a 4-byte float into PHP's internal 8-byte double. To fix this, with GCC we use the built-in decimal support to "up-convert" the 4-byte float to a 8-byte double. When that is not available, we fall back to converting the float to a string and then converting the string to a double. This mimics what MySQL does. | |||||
* | | | | Fix bug #67716 - Segfault in cdf.c | Remi Collet | 2014-08-14 | 2 | -5/+6 | |
| | | | | ||||||
* | | | | fix test | Stanislav Malyshev | 2014-08-14 | 1 | -1/+2 | |
| | | | | ||||||
* | | | | split the glob() test to test different basedir | Anatol Belski | 2014-08-14 | 4 | -39/+99 | |
| | | | | ||||||
* | | | | fixed glob() edge case on windows, ref bug #47358 | Anatol Belski | 2014-08-14 | 2 | -0/+57 | |
| | | | | ||||||
* | | | | - fix bug #47358, glob returns error, should be empty array() | Pierre Joye | 2014-08-14 | 3 | -4/+6 | |
|/ / / | | | | | | | | | | | | | Conflicts: ext/standard/dir.c | |||||
* | | | Merge branch 'PHP-5.3' into PHP-5.4 | Johannes Schlüter | 2014-08-14 | 1 | -4/+2 | |
|\ \ \ | ||||||
| * | | | Update Git rulesPHP-5.3 | Johannes Schlüter | 2014-08-14 | 1 | -4/+2 | |
| | | | | ||||||
| * | | | Back to -dev (with EOL notice in NEWS) | Johannes Schlüter | 2014-08-14 | 3 | -6/+10 | |
| | | | | ||||||
| * | | | It's 2014 already, fix copyright year where user visiblephp-5.3.29PHP-5.3.29 | Johannes Schlüter | 2014-08-13 | 8 | -12/+12 | |
| | | | | | | | | | | | | | | | | Left out all file headers | |||||
| * | | | PHP 5.3.29 | Johannes Schlüter | 2014-08-13 | 3 | -4/+4 | |
| | | | | ||||||
| * | | | PHP 5.3.29RC1php-5.3.29RC1 | Johannes Schlüter | 2014-07-31 | 3 | -4/+4 | |
| | | | | ||||||
| * | | | Fix missing type checks in various functions | Stanislav Malyshev | 2014-07-31 | 5 | -19/+41 | |
| | | | | ||||||
| * | | | update NEWS | Stanislav Malyshev | 2014-07-18 | 1 | -0/+50 | |
| | | | | ||||||
| * | | | Fix bug #67492: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion | Stanislav Malyshev | 2014-07-18 | 3 | -5/+8 | |
| | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: ext/spl/spl_array.c ext/spl/tests/SplObjectStorage_unserialize_bad.phpt | |||||
| * | | | Fixed bug #67359 (Segfault in recursiveDirectoryIterator) | Xinchen Hui | 2014-07-18 | 3 | -0/+32 | |
| | | | | ||||||
| * | | | Fix bug #66127 (Segmentation fault with ArrayObject unset) | Stanislav Malyshev | 2014-07-18 | 3 | -1/+28 | |
| | | | | ||||||
| * | | | Fix test - because of big #67397 we don't allow overlong locales anymore | Stanislav Malyshev | 2014-07-18 | 1 | -3/+4 | |
| | | | | ||||||
| * | | | Fix bug #67397 (Buffer overflow in ↵ | Stanislav Malyshev | 2014-07-18 | 2 | -1/+30 | |
| | | | | | | | | | | | | | | | | locale_get_display_name->uloc_getDisplayName (libicu 4.8.1)) | |||||
| * | | | Fix bug #67349: Locale::parseLocale Double Free | Stanislav Malyshev | 2014-07-18 | 2 | -5/+8 | |
| | | | | ||||||
| * | | | Fixed bug #67399 (putenv with empty variable may lead to crash) | Stanislav Malyshev | 2014-07-18 | 2 | -55/+63 | |
| | | | | | | | | | | | | | | | | | | | | Conflicts: ext/standard/basic_functions.c | |||||
| * | | | Fixed Bug #67413 fileinfo: cdf_read_property_info insufficient boundary chec | Remi Collet | 2014-07-18 | 1 | -1/+5 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Upstream: https://github.com/file/file/commit/93e063ee374b6a75729df9e7201fb511e47e259d Adapted for C standard. | |||||
| * | | | Bug #67412 fileinfo: cdf_count_chain insufficient boundary check | Remi Collet | 2014-07-18 | 1 | -3/+4 | |
| | | | | | | | | | | | | | | | | | | | | Upstream: https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382 | |||||
| * | | | Fixed Bug #67411 fileinfo: cdf_check_stream_offset insufficient boundary check | Remi Collet | 2014-07-18 | 1 | -2/+4 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Upstream: https://github.com/file/file/commit/36fadd29849b8087af9f4586f89dbf74ea45be67 Conflicts: ext/fileinfo/libmagic/cdf.c | |||||
| * | | | Fixed Bug #67410 fileinfo: mconvert incorrect handling of truncated pascal ↵ | Remi Collet | 2014-07-18 | 1 | -3/+11 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | string size Upstream https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08 | |||||
| * | | | Fix bug #67498 - phpinfo() Type Confusion Information Leak Vulnerability | Stanislav Malyshev | 2014-07-18 | 2 | -4/+19 | |
| | | | | ||||||
| * | | | Fix bug #67326 fileinfo: cdf_read_short_sector insufficient boundary check | Remi Collet | 2014-07-18 | 1 | -2/+2 | |
| | | | | | | | | | | | | | | | | | | | | Upstream fix https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391.patch Only revelant part applied | |||||
| * | | | fix bug #67253: timelib_meridian_with_check out-of-bounds read | Stanislav Malyshev | 2014-07-18 | 4 | -101/+151 | |
| | | | | | | | | | | | | | | | | | | | | Conflicts: ext/date/lib/parse_date.c | |||||
| * | | | Fix bug #67252: convert_uudecode out-of-bounds read | Stanislav Malyshev | 2014-07-18 | 2 | -0/+16 | |
| | | | | ||||||
| * | | | Fix bug #67250 (iptcparse out-of-bounds read) | Stanislav Malyshev | 2014-07-18 | 2 | -0/+11 | |
| | | | | ||||||
| * | | | Fix bug #67247 spl_fixedarray_resize integer overflow | Stanislav Malyshev | 2014-07-18 | 2 | -1/+14 | |
| | | | | ||||||
| * | | | Fix bug #67328 (fileinfo: numerous file_printf calls resulting in ↵ | Stanislav Malyshev | 2014-07-18 | 1 | -12/+4 | |
| | | | | | | | | | | | | | | | | | | | | | | | | performance degradation) Upstream patch: https://github.com/file/file/commit/b8acc83781d5a24cc5101e525d15efe0482c280d | |||||
| * | | | Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS | Stanislav Malyshev | 2014-07-18 | 1 | -1/+7 | |
| | | | | | | | | | | | | | | | | Upstream fix: https://github.com/file/file/commit/f97486ef5dc3e8735440edc4fc8808c63e1a3ef0 |