Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | fix ZTS buildphp-5.6.26PHP-5.6.26 | Remi Collet | 2016-09-15 | 1 | -1/+1 |
| | |||||
* | 5.6.26 | Ferenc Kovacs | 2016-09-15 | 3 | -6/+35 |
| | |||||
* | add test for bug #73068 | Anatol Belski | 2016-09-15 | 1 | -0/+37 |
| | |||||
* | missed semicolon | Anatol Belski | 2016-09-15 | 1 | -1/+1 |
| | |||||
* | fix C89 conformity | Anatol Belski | 2016-09-15 | 1 | -3/+3 |
| | |||||
* | Fix bug #72293 - Heap overflow in mysqlnd related to BIT fields | Stanislav Malyshev | 2016-09-15 | 1 | -1/+7 |
| | |||||
* | Fix test | Stanislav Malyshev | 2016-09-15 | 1 | -0/+5 |
| | |||||
* | Fix bug #73065: Out-Of-Bounds Read in php_wddx_push_element of wddx.c | Stanislav Malyshev | 2016-09-15 | 2 | -9/+108 |
| | |||||
* | Fix bug #73035 (Out of bound when verify signature of tar phar in ↵ | Stanislav Malyshev | 2016-09-15 | 3 | -1/+19 |
| | | | | phar_parse_tarfile) | ||||
* | Fix bug #73052 - Memory Corruption in During Deserialized-object Destruction | Stanislav Malyshev | 2016-09-15 | 4 | -33/+53 |
| | |||||
* | Add check in fgetcsv in case sizeof(unit) != sizeof(size_t) | Stanislav Malyshev | 2016-09-15 | 1 | -0/+4 |
| | |||||
* | Fix bug #73029 - Missing type check when unserializing SplArray | Stanislav Malyshev | 2016-09-15 | 2 | -4/+22 |
| | |||||
* | Fix bug #72860: wddx_deserialize use-after-free | Stanislav Malyshev | 2016-09-15 | 2 | -1/+29 |
| | |||||
* | Also fix overflow in wordwrap | Stanislav Malyshev | 2016-09-15 | 1 | -1/+1 |
| | |||||
* | Fix bug #73007: add locale length check | Stanislav Malyshev | 2016-09-15 | 1 | -0/+2 |
| | |||||
* | Add more checks for int overflow | Stanislav Malyshev | 2016-09-15 | 2 | -14/+14 |
| | |||||
* | Fix bug #72928 - Out of bound when verify signature of zip phar in ↵ | Stanislav Malyshev | 2016-09-15 | 4 | -1/+47 |
| | | | | phar_parse_zipfile | ||||
* | Fix various int size overflows. | Stanislav Malyshev | 2016-09-15 | 11 | -143/+210 |
| | | | | | Add function for detection of string zvals with length that does not fit INT_MAX. | ||||
* | Same issue as #72926 in another place. | Stanislav Malyshev | 2016-09-15 | 1 | -1/+4 |
| | |||||
* | Sync fix for bug #72910 with current upstream | Stanislav Malyshev | 2016-09-15 | 1 | -3/+5 |
| | |||||
* | fix double free | Anatol Belski | 2016-09-15 | 1 | -1/+0 |
| | |||||
* | Fix bug #72910 | Stanislav Malyshev | 2016-09-15 | 1 | -1/+1 |
| | | | | Merge upstream patch from https://github.com/kkos/oniguruma/commit/65bdf2a0d160d06556415e5f396a75f6b11bad5c | ||||
* | Revert "Fixed bug #72703 Out of bounds global memory read in BF_crypt ↵ | Ferenc Kovacs | 2016-09-15 | 2 | -25/+0 |
| | | | | | | triggered by password_verify" This reverts commit 295303b59059536079caf68b4d76acf2149bd42c. | ||||
* | PHP-5.6.26RC1php-5.6.26RC1 | Ferenc Kovacs | 2016-09-01 | 3 | -7/+7 |
| | |||||
* | Fix #71882 amendment 2: Negative ftruncate() on php://memory exhausts memory | Christoph M. Becker | 2016-08-31 | 1 | -2/+2 |
| | |||||
* | Fix #71882 amendment: Negative ftruncate() on php://memory exhausts memory | Christoph M. Becker | 2016-08-31 | 1 | -1/+1 |
| | | | | To avoid BC breaks, we do not raise a warning for now. | ||||
* | Update NEWS | Yasuo Ohgaki | 2016-08-31 | 1 | -0/+2 |
| | |||||
* | Fix #66797: mb_substr only takes 32-bit signed integer | Christoph M. Becker | 2016-08-30 | 3 | -0/+33 |
| | | | | | | `from` and `len` are `long`, but get passed to mbfl_substr() which expects `int`s. Therefore we clamp the values to avoid the undefined conversion behavior. | ||||
* | Test case for bug #72771 | Ville Hukkamäki | 2016-08-30 | 2 | -1/+31 |
| | |||||
* | Fix #71882: Negative ftruncate() on php://memory exhausts memory | Christoph M. Becker | 2016-08-30 | 3 | -0/+18 |
| | | | | We must not pass negative sizes to a size_t parameter. | ||||
* | fix HANDLE leak | Anatol Belski | 2016-08-29 | 1 | -0/+6 |
| | |||||
* | update NEWS | Anatol Belski | 2016-08-29 | 1 | -0/+2 |
| | |||||
* | ensure null termination | Anatol Belski | 2016-08-29 | 1 | -2/+3 |
| | |||||
* | Fixed bug #72703 Out of bounds global memory read in BF_crypt triggered by ↵ | Anatol Belski | 2016-08-29 | 2 | -0/+25 |
| | | | | password_verify | ||||
* | fix double free | Anatol Belski | 2016-08-29 | 1 | -4/+3 |
| | |||||
* | fix leak | Anatol Belski | 2016-08-29 | 1 | -0/+1 |
| | |||||
* | Added .user.ini support. | George Wang | 2016-08-28 | 1 | -32/+489 |
| | | | | | Added LSPHPRC support. update LiteSpeed SAPI version to 6.10 . | ||||
* | Fix #65550: get_browser() incorrectly parsers entries with "+" sign | Christoph M. Becker | 2016-08-27 | 3 | -0/+25 |
| | | | | | + signs in the browscap patterns are meant to be literal characters, so we have to escape them for the regex matching. | ||||
* | Fix #70825: Cannot fetch multiple values with group in ini file | Christoph M. Becker | 2016-08-25 | 3 | -0/+74 |
| | | | | | If we have the position already from the last fetch, we also have to preset the current group, because it won't be read again. | ||||
* | Fix #71514: Bad dba_replace condition because of wrong API usage | Christoph M. Becker | 2016-08-25 | 3 | -5/+37 |
| | | | | We're backporting commit 9e309a2d to PHP-5.6, because it is a bugfix. | ||||
* | backport relevant part from bug #72858 patch in 7.0 | Anatol Belski | 2016-08-25 | 1 | -2/+12 |
| | |||||
* | Fix #68716: possible resource leaks in _php_image_convert() | Christoph M. Becker | 2016-08-21 | 2 | -2/+22 |
| | | | | | We properly clean up after ourselves wrt. to closing opened file pointers and created images. | ||||
* | Fix #72913: imagecopy() loses single-color transparency on palette images | Christoph M. Becker | 2016-08-21 | 3 | -20/+31 |
| | | | | | The proper code to handle true-color to palette copies is already contained in gdImageCopy(), so we can simply remove the buggy duplicated code. | ||||
* | Fix #66005: imagecopy does not support 1bit transparency on truecolor images | Christoph M. Becker | 2016-08-21 | 3 | -1/+42 |
| | | | | | We must not copy transparent pixels, see <https://github.com/libgd/libgd/commit/daac285c>. | ||||
* | Merge branch 'PHP-5.6' of git.php.net:/php-src into PHP-5.6 | Xinchen Hui | 2016-08-21 | 7 | -14/+76 |
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | * 'PHP-5.6' of git.php.net:/php-src: Improvements to fix #72714, suggested by nikic Fix #65732: grapheme_*() is not Unicode compliant on CR LF sequence Fix #72714: _xml_startElementHandler() segmentation fault update NEWS Fixed bug #72852 imap_mail null dereference Revert "Fix dba configuration for Windows" Fix dba configuration for Windows Fix broken test include fix NEWS Add myself as PDO_OCI maintainer | ||||
| * | Improvements to fix #72714, suggested by nikic | Christoph M. Becker | 2016-08-20 | 2 | -3/+3 |
| | | |||||
| * | Fix #65732: grapheme_*() is not Unicode compliant on CR LF sequence | Christoph M. Becker | 2016-08-20 | 3 | -1/+24 |
| | | | | | | | | | | | | | | | | | | According to the Unicode specification (at least as of 5.1), CRLF sequences are considered to be a single grapheme. We cater to that special case by letting grapheme_ascii_check() fail. While it would be trivial to fix grapheme_ascii_check() wrt. grapheme_strlen(), grapheme_substr() and grapheme_strrpos() would be much harder to handle, so we accept the slight performance penalty if CRLF is involved. | ||||
| * | Fix #72714: _xml_startElementHandler() segmentation fault | Christoph M. Becker | 2016-08-20 | 3 | -8/+52 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The issue is caused by an integer overflow when the `long` passed as XML_OPTION_SKIP_TAGSTART is assigned to `xml_parser::toffset` which is declared as `int`. We can simply work around this issue, by clipping resulting negative values to 0 (and raising a notice in this case), because the reasonable range for this value is certainly catered to by positive `int`s. However, there still remains the issue that `xml_parser::toffset` is later added to `char *`s, which can cause OOB reads, so we make sure that the upper bound never exceeds the strlen(). We eschew optimizing `SKIP_TAGSTART` wrt. to the potentially duplicate strlen() call, because that code path is unexpected anyway. | ||||
| * | update NEWS | Anatol Belski | 2016-08-20 | 1 | -0/+3 |
| | | |||||
| * | Fixed bug #72852 imap_mail null dereference | Anatol Belski | 2016-08-20 | 1 | -3/+3 |
| | |