| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
|
|
|
| |
Apparently, Apple's LLVM can't handle it otherwise o_O.
|
|
|
|
|
|
| |
The test images for #72603 and #72618 are broken, that seems to be
the cause of different test output. Seems also to be platform dependent,
so it's not reliable to depend on the exact error output.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
* PHP-5.5:
fix #72512, invalid read or write for palette image when invalid transparent index is used
|
|
|
|
|
| |
These are needed to support libxslt 1.1.29 on Windows. This libxslt version
fixes CVE-2015-7995 and for this reason needs to be used.
|
|
|
|
|
| |
* PHP-5.5:
Improve fix for #72520
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* PHP-5.5:
fix #72519, possible OOB using imagegif
fix #72512, invalid read or write for palette image when invalid transparent index is used
Apparently some envs miss SIZE_MAX
Fix tests
Fix bug #72618: NULL Pointer Dereference in exif_process_user_comment
Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t
Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c
Fix for bug #72558, Integer overflow error within _gdContributionsAlloc()
Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE
Fix bug #72562 - destroy var_hash properly
Fix bug #72533 (locale_accept_from_http out-of-bounds access)
Fix fir bug #72520
Fix for bug #72513
CS fix and comments with bug ID
Fix for HTTP_PROXY issue.
add tests for bug #72512
Fixed bug #72512 gdImageTrueColorToPaletteBody allows arbitrary write/read access
Fixed bug #72479 - same as #72434
Conflicts:
ext/bz2/bz2.c
main/SAPI.c
main/php_variables.c
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
GlobIterator throws LogicException with message 'The parent constructor was
not called' on its first operation when the glob expression doesn't match
any file. It also throws on the first operation after the iteration
completes, when the glob expression matches some files.
# Resolved conflicts:
# ext/spl/spl_directory.c
|
|
|
|
| |
Fixes bug #72496.
|
| |
|
| |
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* PHP-5.5:
Fix the fix for #72403 on nl2br
5.5.38 now
Conflicts:
configure.in
main/php_version.h
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
Obiously, it isn't sufficient to call sqlite3_clear_bindings() alone, but
also the bound_params of the php_sqlite3_stmt have to be cleared.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| | |
There is a difference between TS and NTS warning message, since
virtual_mkdir vs glibc directly is used. This has no effect for
the actual fix functionality.
|
| | |
|
| |
| |
| |
| | |
This reverts commit c5d9c508976bb289c265d99938bda4dbf14622d3.
|
| | |
|
|\ \
| |/
| |
| |
| | |
* PHP-5.5:
remove the huge test file, generate it on the fly instead
|
| | |
|
| | |
|
|\ \
| |/
| |
| |
| |
| | |
* PHP-5.5:
Now the right bug #
Fix NEWS
|
| | |
|
| | |
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-5.6.23:
Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455: Heap Overflow due to integer overflows
Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275: don't allow smart_str to overflow int
Fix bug #72340: Double Free Courruption in wddx_deserialize
Fix bug #72321 - use efree() for emalloc allocation
5.6.23RC1
Conflicts:
configure.in
main/php_version.h
|
| |\ \
| | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-5.5:
Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455: Heap Overflow due to integer overflows
Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275: don't allow smart_str to overflow int
Fix bug #72340: Double Free Courruption in wddx_deserialize
update NEWS
Fix #66387: Stack overflow with imagefilltoborder
Skip test which is 64bits only
5.5.37 now
Conflicts:
configure.in
ext/mcrypt/mcrypt.c
ext/spl/spl_directory.c
main/php_version.h
|
| | |
| | |
| | |
| | | |
resulting in heap overflow
|
| | | |
|
| | |\
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* PHP-5.5.37:
fix tests
fix build
Fix bug #72455: Heap Overflow due to integer overflows
Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275: don't allow smart_str to overflow int
Fix bug #72340: Double Free Courruption in wddx_deserialize
|
| | | | |
|
| | | | |
|
| | | | |
|