Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | 5.6.39php-5.6.39PHP-5.6.39 | Ferenc Kovacs | 2018-12-05 | 3 | -8/+6 |
| | |||||
* | 5.6.40 will be next. probably not | Ferenc Kovacs | 2018-12-05 | 3 | -5/+7 |
| | |||||
* | Fix null pointer deref in qprint-encode filter (bug #77231) | Stanislav Malyshev | 2018-12-03 | 3 | -1/+16 |
| | |||||
* | Fix bug #77143 - add more checks to buffer reads | Stanislav Malyshev | 2018-12-03 | 5 | -11/+42 |
| | |||||
* | Fix #77020: null pointer dereference in imap_mail | Stanislav Malyshev | 2018-12-03 | 3 | -1/+16 |
| | | | | | | If an empty $message is passed to imap_mail(), we must not set message to NULL, since _php_imap_mail() is not supposed to handle NULL pointers (opposed to pointers to NUL). | ||||
* | Fix TSRM signature - php_stream_stat macro has it's own TSRM | Stanislav Malyshev | 2018-12-02 | 1 | -1/+1 |
| | |||||
* | Regenerate certificates for openssl tests | Alexander Kurilo | 2018-12-02 | 4 | -73/+58 |
| | |||||
* | Improve test for bug77022 | Stanislav Malyshev | 2018-12-02 | 1 | -1/+5 |
| | |||||
* | Fix bug #77022 - use file mode or umask for new files | Stanislav Malyshev | 2018-12-01 | 4 | -2/+50 |
| | |||||
* | Add DISPLAY_INI_ENTRIES for imap | Stanislav Malyshev | 2018-11-28 | 1 | -0/+2 |
| | |||||
* | Disable rsh/ssh functionality in imap by default (bug #77153) | Stanislav Malyshev | 2018-11-20 | 5 | -0/+53 |
| | |||||
* | 5.6.39 will be the next | Ferenc Kovacs | 2018-09-11 | 3 | -5/+7 |
| | |||||
* | Update NEWS | Stanislav Malyshev | 2018-09-09 | 1 | -0/+3 |
| | |||||
* | Fix for bug #76582 | Stanislav Malyshev | 2018-09-09 | 1 | -0/+1 |
| | | | | | The brigade seems to end up in a messed up state if something fails in shutdown, so we clean it up. | ||||
* | 5.6.38 will be next | Ferenc Kovacs | 2018-07-19 | 3 | -5/+7 |
| | |||||
* | Add NEWS | Stanislav Malyshev | 2018-07-16 | 1 | -0/+9 |
| | |||||
* | Fixed bug #76459 windows linkinfo lacks openbasedir check | Anatol Belski | 2018-07-16 | 1 | -1/+12 |
| | |||||
* | Fix bug #76557: heap-buffer-overflow (READ of size 48) while reading exif data | Stanislav Malyshev | 2018-07-16 | 3 | -1/+83 |
| | | | | Use MAKERNOTE length as data size. | ||||
* | Fix bug #76423 - Int Overflow lead to Heap OverFlow in ↵ | Stanislav Malyshev | 2018-07-16 | 3 | -1/+23 |
| | | | | exif_thumbnail_extract of exif.c | ||||
* | 5.6.37 will be next | Ferenc Kovacs | 2018-04-24 | 3 | -5/+21 |
| | |||||
* | Fix test portability | Anatol Belski | 2018-04-24 | 1 | -2/+4 |
| | |||||
* | Fix tsrm_ls | Stanislav Malyshev | 2018-04-23 | 1 | -1/+1 |
| | |||||
* | Merge remote-tracking branch 'security/bug76249' into PHP-5.6 | Stanislav Malyshev | 2018-04-23 | 2 | -0/+21 |
|\ | | | | | | | | | | | * security/bug76249: Fix test Fix bug #76249 - fail on invalid sequences | ||||
| * | Fix test | Stanislav Malyshev | 2018-04-22 | 1 | -2/+4 |
| | | |||||
| * | Fix bug #76249 - fail on invalid sequences | Stanislav Malyshev | 2018-04-22 | 2 | -0/+19 |
| | | |||||
* | | Merge remote-tracking branch 'security/bug76248' into PHP-5.6 | Stanislav Malyshev | 2018-04-23 | 2 | -1/+45 |
|\ \ | | | | | | | | | | | | | * security/bug76248: Fix bug #76248 - Malicious LDAP-Server Response causes Crash | ||||
| * | | Fix bug #76248 - Malicious LDAP-Server Response causes Crash | Stanislav Malyshev | 2018-04-22 | 2 | -1/+45 |
| |/ | |||||
* | | Fix #76129 - remove more potential unfiltered outputs for phar | Stanislav Malyshev | 2018-04-23 | 13 | -16/+14 |
| | | |||||
* | | Merge remote-tracking branch 'security/PHP-5.6' into PHP-5.6 | Stanislav Malyshev | 2018-04-23 | 4 | -1/+21 |
|\ \ | |/ |/| | | | | | | | * security/PHP-5.6: Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value Fix bug #75981: prevent reading beyond buffer start | ||||
| * | Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value | Christoph M. Becker | 2018-04-22 | 4 | -1/+21 |
| | | | | | | | | | | | | The MakerNote is not necessarily null-terminated, so we must not use `strlen()` to avoid OOB reads. Instead `php_strnlen()` is the proper way to handle this. | ||||
| * | Fix bug #75981: prevent reading beyond buffer start | Stanislav Malyshev | 2018-02-20 | 2 | -2/+34 |
| | | |||||
* | | [ci skip] 5.6.36 will be next | Ferenc Kovacs | 2018-03-28 | 3 | -5/+7 |
| | | |||||
* | | [ci skip] Update NEWS | Anatol Belski | 2018-03-27 | 1 | -0/+4 |
| | | |||||
* | | Do not set PR_SET_DUMPABLE by default | Jakub Zelenka | 2018-03-27 | 4 | -1/+11 |
| | | |||||
* | | 5.6.35 is next | Ferenc Kovacs | 2018-02-27 | 3 | -5/+7 |
| | | |||||
* | | [ci skip] Update NEWS | Anatol Belski | 2018-02-27 | 1 | -0/+3 |
| | | |||||
* | | Fix bug #75981: prevent reading beyond buffer start | Stanislav Malyshev | 2018-02-26 | 2 | -2/+34 |
| | | |||||
* | | [ci skip] Set FPM maintainership | Stanislav Malyshev | 2018-02-23 | 1 | -1/+1 |
|/ | | | | | As per http://news.php.net/php.internals/101897, Jakub is officially annointed as new FPM maintainer. | ||||
* | 2018 | Remi Collet | 2018-01-03 | 1 | -2/+2 |
| | |||||
* | php 5.6.34 is next | Ferenc Kovacs | 2018-01-03 | 3 | -5/+7 |
| | |||||
* | Update NEWS | Stanislav Malyshev | 2018-01-01 | 1 | -1/+7 |
| | |||||
* | Fixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtx | Christoph M. Becker | 2018-01-01 | 3 | -5/+20 |
| | | | | | | | Due to a signedness confusion in `GetCode_` a corrupt GIF file can trigger an infinite loop. Furthermore we make sure that a GIF without any palette entries is treated as invalid *after* open palette entries have been removed. | ||||
* | Fix bug #74782: remove file name from output to avoid XSS | Stanislav Malyshev | 2018-01-01 | 14 | -45/+45 |
| | |||||
* | Backport and apply upstream patch for CVE-2017-14107 | Anatol Belski | 2017-10-27 | 1 | -1/+6 |
| | |||||
* | 5.6.33 is next | Ferenc Kovacs | 2017-10-25 | 3 | -5/+7 |
| | |||||
* | These tests all assume that IPV6 is available. | Rasmus Lerdorf | 2017-10-25 | 5 | -5/+20 |
| | |||||
* | fix the travis build for PHP-5.6 using precise instead of trusty | Ferenc Kovacs | 2017-10-25 | 1 | -1/+1 |
| | |||||
* | fix the travis build for PHP-5.6 using precise instead of trusty | Ferenc Kovacs | 2017-10-25 | 1 | -0/+1 |
| | |||||
* | Parametrize the expected value to avoid platform false positives | Anatol Belski | 2017-10-24 | 1 | -1/+1 |
| | |||||
* | [ci skip] update NEWS | Anatol Belski | 2017-10-24 | 1 | -0/+9 |
| |