Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | 5.4.38php-5.4.38PHP-5.4.38 | Stanislav Malyshev | 2015-02-17 | 3 | -4/+4 |
| | |||||
* | Port for for bug #68552 | Stanislav Malyshev | 2015-02-17 | 2 | -4/+9 |
| | |||||
* | Fix bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone) | Stanislav Malyshev | 2015-02-17 | 2 | -7/+12 |
| | | | | | Conflicts: ext/date/php_date.c | ||||
* | - BFN | Felipe Pena | 2015-02-17 | 1 | -1/+7 |
| | |||||
* | - Fixed bug #67827 (broken detection of system crypt sha256/sha512 support) | Felipe Pena | 2015-02-17 | 1 | -8/+8 |
| | |||||
* | - Fixed bug #67427 (SoapServer cannot handle large messages) patch by: ↵ | Felipe Pena | 2015-02-16 | 1 | -0/+3 |
| | | | | brandt at docoloc dot de | ||||
* | Update NEWS | Yasuo Ohgaki | 2015-02-14 | 1 | -0/+1 |
| | |||||
* | Add NULL byte protection to exec, system and passthru | Yasuo Ohgaki | 2015-02-14 | 2 | -0/+29 |
| | |||||
* | Fixed #68790 (Missing return) | George Wang | 2015-02-07 | 1 | -1/+1 |
| | |||||
* | Update header handling to RFC 7230 | Stanislav Malyshev | 2015-02-05 | 5 | -16/+14 |
| | |||||
* | fix sizeof size | Stanislav Malyshev | 2015-02-01 | 1 | -1/+1 |
| | |||||
* | fix TSRM | Stanislav Malyshev | 2015-01-31 | 1 | -2/+2 |
| | |||||
* | Use better constant since MAXHOSTNAMELEN may mean shorter name | Stanislav Malyshev | 2015-01-31 | 5 | -12/+16 |
| | |||||
* | use right sizeof for memset | Stanislav Malyshev | 2015-01-31 | 1 | -1/+1 |
| | |||||
* | Add mitigation for CVE-2015-0235 (bug #68925) | Stanislav Malyshev | 2015-01-31 | 5 | -2/+44 |
| | |||||
* | fix some factual errors in the process | Ferenc Kovacs | 2015-01-22 | 1 | -6/+7 |
| | |||||
* | format | Stanislav Malyshev | 2015-01-20 | 1 | -1/+2 |
| | |||||
* | add CVE | Stanislav Malyshev | 2015-01-20 | 1 | -1/+2 |
| | |||||
* | add protection against nulls | Stanislav Malyshev | 2015-01-20 | 1 | -0/+5 |
| | |||||
* | 5.4.38 next | Stanislav Malyshev | 2015-01-20 | 3 | -6/+7 |
| | |||||
* | Merge branch 'bug68710' into PHP-5.4 | Stanislav Malyshev | 2015-01-20 | 4 | -3/+32 |
|\ | | | | | | | | | * bug68710: Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize()) | ||||
| * | Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize()) | Stanislav Malyshev | 2015-01-01 | 4 | -3/+32 |
| | | |||||
* | | Merge branch 'bug68799' into PHP-5.4 | Stanislav Malyshev | 2015-01-20 | 4 | -2/+68 |
|\ \ | | | | | | | | | | | | | * bug68799: Fix bug #68799: Free called on unitialized pointer | ||||
| * | | Fix bug #68799: Free called on unitialized pointer | Stanislav Malyshev | 2015-01-11 | 3 | -1/+64 |
| |/ | |||||
* | | Update NEWS | Daniel Lowrey | 2015-01-14 | 1 | -0/+3 |
| | | |||||
* | | Fixed bug #55618 (use case-insensitive cert name matching) | Daniel Lowrey | 2015-01-14 | 1 | -2/+2 |
| | | |||||
* | | updated libmagic.patch in 5.4 | Anatol Belski | 2015-01-04 | 1 | -315/+139 |
| | | |||||
* | | Fixed bug #68735 fileinfo out-of-bounds memory access | Anatol Belski | 2015-01-04 | 4 | -2/+28 |
| | | |||||
* | | removed dead code | Remi Collet | 2015-01-04 | 5 | -1544/+2 |
|/ | |||||
* | FIx bug #68618 (out of bounds read crashes php-cgi) | Stanislav Malyshev | 2014-12-30 | 2 | -2/+7 |
| | |||||
* | add missing NEWS entry | Ferenc Kovacs | 2014-12-17 | 1 | -0/+3 |
| | |||||
* | 5.4.37 | Stanislav Malyshev | 2014-12-16 | 3 | -5/+7 |
| | |||||
* | add CVE | Stanislav Malyshev | 2014-12-16 | 1 | -1/+1 |
| | |||||
* | add missing test file | Stanislav Malyshev | 2014-12-16 | 1 | -0/+7 |
| | |||||
* | Fix bug #68594 - Use after free vulnerability in unserialize() | Stanislav Malyshev | 2014-12-16 | 4 | -32/+64 |
| | |||||
* | Fix undefined behaviour in strnatcmp | Andrea Faulds | 2014-12-13 | 1 | -2/+2 |
| | |||||
* | update NEWS | Stanislav Malyshev | 2014-12-11 | 1 | -0/+1 |
| | |||||
* | move the test to the right place | Anatol Belski | 2014-12-11 | 1 | -0/+0 |
| | |||||
* | Fixed bug #68545 NULL pointer dereference in unserialize.c | Anatol Belski | 2014-12-11 | 3 | -33/+56 |
| | |||||
* | Fixed possible read after end of buffer and use after free. | Dmitry Stogov | 2014-12-08 | 1 | -2/+6 |
| | |||||
* | Revert unintentional docblock change | Chris Christoff | 2014-12-05 | 1 | -1/+1 |
| | | | | | | | | Revert unintentional docblock change It looks like commit dd8e59da8f5aafd9d77a0f1f17e5e272d09f643f introduced an unintended docbloc change. I have reverted this change in this commit. | ||||
* | make sure that we don't truncate the stack trace and cause false test ↵ | Ferenc Kovacs | 2014-12-02 | 1 | -0/+1 |
| | | | | failures when the test is executed in a directory with long path | ||||
* | update news | Stanislav Malyshev | 2014-11-30 | 2 | -5/+8 |
| | |||||
* | Apply error-code-salt fix to Windows too | Leigh | 2014-11-30 | 0 | -0/+0 |
| | | | | | Conflicts: ext/standard/crypt.c | ||||
* | Bug fixes in light of failing bcrypt tests | Leigh | 2014-11-30 | 2 | -1/+3 |
| | | | | | Conflicts: ext/standard/crypt.c | ||||
* | Add tests from 1.3. Add missing tests. | Leigh | 2014-11-30 | 1 | -2/+31 |
| | | | | 3 of the missing tests fail. // TODO | ||||
* | Upgrade crypt_blowfish to version 1.3 | Leigh | 2014-11-30 | 1 | -19/+24 |
| | |||||
* | update for LiteSpeed | Stanislav Malyshev | 2014-11-23 | 1 | -0/+3 |
| | |||||
* | Revert "made lsapi_main.c compatible with PHP7/phpng ." | Stanislav Malyshev | 2014-11-22 | 1 | -92/+26 |
| | | | | | This reverts commit 9fb816f45ad9baa46b91514e70f755eb88539e85. Not a security-related fix. | ||||
* | made lsapi_main.c compatible with PHP7/phpng . | George Wang | 2014-11-20 | 1 | -26/+92 |
| |